Security expers believe the next big wave of hacker attacks could come from an unexpected source: streaming media files:
uring his presentation at the Black Hat conference in Las Vegas last week, iSEC security Relevant Products/Services researcher David Thiel noted that when Web surfers go to a video content site such as MySpace or YouTube, there is no way to get the multimedia content to shut off. This lack of control represents a method that hackers could potentially exploit to install malicious software on PCs without the computer owner's knowledge.
"Thiel has been playing around with vulnerabilities that exist in the codecs for media players," explained Gartner research vice president Paul Proctor. "If you can find a vulnerability in a codec -- one that can pass executable code through to the media player -- then anybody can insert that into a Web site."
"The bad guys seem to gravitate around the porn sites, which already are all about streaming video and sound, so they are a likely place for somebody getting attacked because the criminals are already there," Proctor said. "It points to the need for the media player vendors out there to keep up to date on their patches."