Presentation is loading. Please wait.

Presentation is loading. Please wait.

Term Project: A Survey on Attacking Method with Multimedia Files

Published byJosé Miguel Emilio Montes Alarcón Modified over 6 years ago

Similar presentations

Presentation on theme: "Term Project: A Survey on Attacking Method with Multimedia Files"— Presentation transcript:

1 Term Project: A Survey on Attacking Method with Multimedia Files
An, Sanghong KAIST 2010 KAIST, 2010

2 Contents Introduction Motivation Approach & Cases Countermeasures
Exploit & Vulnerability Code Injection Steganography Countermeasures Conclusion Future Work KAIST, 2010

3 Introduction People's guard on media files is looser than executable files or data files. Due to advance of telecommunication, spread of media file get easier. There are so many methods to infect media file then attack. KAIST, 2010

4 Motivation Trojan Horse – classic, effective way
Ads of anti-virus software Alert on the picture files Increase of damage related to media files Easy to lure people, by issues, unwholesome stuffs, etc. KAIST, 2010

5 Approach & Cases Media files can be used in... Exploit & Vulnerability
A weakness that allows attack on the system Buffer overflow Code Injection Attack on the Web Steganography Hide secret data into the data without corruption KAIST, 2010

6 Approach & Cases Exploits & Vulnerability(1/4)
GDI+ Exploits(2004) JPEG header has a flag of including comment data If you insert a '1' or '0' in this location, the GDI+ code will use this information and overwrite the stack with data, which may allow an attacker to execute their own code. It is valid when the victim just 'see' the infected image KAIST, 2010

7 Approach & Cases Exploits & Vulnerability(2/4)
Gom Player exploits(2007) Stack overflow when processing .asx which is used for playlist. Media Player Classic AVI exploits(2007) Due to an input validation error when processing .AVI files can be exploited to cause a buffer overflow via a .AVI file with a specially crafted "indx" chunk. KAIST, 2010

8 Approach & Cases Exploits & Vulnerability(3/4)
Flash exploits(2009) Some attacks using vulnerability of Adobe Flash Player ATL(Active Template Library) Header vulnerability Heep-overflow/Stack-overflow exploit Null-pointer exploit WMP exploits(2009) Malware infects .mp3, .wma, .avi and requests fake codec KAIST, 2010

9 Approach & Cases Exploits & Vulnerability(4/4)
PDF exploits(2010) Some attacks using vulnerability of javascript module on Adobe Acrobat Reader Recently, Attacking method has discovered that make PDF to execute an embedded executable without exploiting any vulnerability! "/Launch /Action" function – execute 3rd party program for PDF ex) Media Player It is a fundamental problem of PDF structure KAIST, 2010

10 Approach & Cases Code Injection
Include file injection Web language vulnerability PHP, ASP… Insert code in .jpg file header or .gif body Like “<? … ?>”statement of PHP Upload the corrupted image in the web page KAIST, 2010

11 Approach & Cases Steganography
A technique of writing hidden messages in such a way that no one suspects the existence of the message, except of the sender and intended recipient. It can be used to information leak. KAIST, 2010

12 Attacking on Smart Phones with Media Files
It may depend on the vulnerabilities of phone OS… It is harder than attack with ordinary exploits Focusing on the media file! KAIST, 2010

13 Luring Malwares with Media
Mimicking malware in Web Hard Fake the size of file with dummy data Hide in the zipped file Hide in the (faked) Self-Extractor Zip with steganography How about mimicking in the web? KAIST, 2010

14 Countermeasures Zero-day Protection Computer Forensics
Preventing memory corruption Multiple-layer protection Whitelisting Computer Forensics Up-to-date Security KAIST, 2010

15 Conclusion Many attacks with media file use vulnerabilities
Luring malwares Self-extractor of steganography KAIST, 2010

16 References [1]“Steganography Obliterator: An Attack on the Least Significant Bits”, Guillermo A. Francia, InfoSecCD, 2006 [2]“악성코드 분석을 위한 실행압축 해제 기법”, NCSC, 2004 [3]“Data Hiding in Windows Executable Files”, Daemin Shin, Yeog Kim, Keunduck Byun, Sangjin Lee [4]“Steganography for Executables and Code Transformation Signatures”, Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet, Koen De Bosschere, ICISC , 2004 [5] “MSN 메신저 PNG 이미지 처리 오버플로우 취약점 분석”, KISA,2005 [6] "Buffer Overrun in JPEG Processing (GDI+) Exploit“, Securiteam [7] JPEG File header [9] "Hydan: Hiding Information in Program Binaries", Rakan El-Khalil and Angelos D. Keromytis, ICISC, 2004 KAIST, 2010

Download ppt "Term Project: A Survey on Attacking Method with Multimedia Files"

Similar presentations

The Keys to Speed. File Extensions Definition A tag of three or four letters, preceded by a period, which identifies a data file's format or the application.

The Keys to Speed. File Extensions Definition A tag of three or four letters, preceded by a period, which identifies a data file's format or the application.
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
1 TESL 4340 – Basic web-publishing Dr. Sunny Jeong Web:

1 TESL 4340 – Basic web-publishing Dr. Sunny Jeong Web:
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.

Security Awareness Chapter 2 Desktop Security. Objectives After completing this chapter, you should be able to do the following: Describe the different.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Overview of Digital Stenography

Overview of Digital Stenography
Steganography for Executables and Code Transformation Signatures Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet and Koen De Bosschere.

Steganography for Executables and Code Transformation Signatures Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet and Koen De Bosschere.
A Security Analysis of the PHP language By Jonas Heineson Mattias Österberg.

A Security Analysis of the PHP language By Jonas Heineson Mattias Österberg.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Exploring Steganography: Seeing the Unseen Neil F. Johnson Sushil Jajodia George Mason University.

Exploring Steganography: Seeing the Unseen Neil F. Johnson Sushil Jajodia George Mason University.
11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang 2010/3/29.

11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang /3/29.
Defeating public exploit protections (EMET v5.2 and more)

Defeating public exploit protections (EMET v5.2 and more)
MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

MSIT 458 – The Chinchillas. Offense Overview Botnet taxonomies need to be updated constantly in order to remain “complete” and are only as good as their.

Similar presentations

Ads by Google