Abstract
In the 1990s, burglars would break into a house while the residents were absorbed in an interesting television show. Attacks of this type happened mainly in the physical world, and it was expected that the cyber world would be free from such crimes. Unfortunately, this is not true: a skilled hacker can compromise a system while the user is viewing an (interesting) video file. Computer users quite often use their machines to watch (interesting) videos. Such users may be naive, or they may be people who work on mission-critical systems such as banking, defence, nuclear power plants and space agencies. Playing a video file can therefore carry a high security risk. In this paper we analyse video files in order to detect multistage attacks. We found that some video files contain a malicious link through which an exploit is downloaded onto the host machine. The contribution of this paper is the discovery of novel attacks, hidden by the perpetrator in innocuous-looking video files, whose objective is to stage a targeted attack in multiple stages. Finally, we propose a new method for detecting such attacks (carried through video files) using API calls.
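As an added illustration of the API-call based detection idea described in the abstract (this is example code written for this page, not the authors' method or tooling), the following detector walks a per-process Windows API call trace, such as a sandbox would log, and reports processes that step through the stages of a link-triggered drive-by chain in order: follow a URL, fetch a payload, drop it to disk, execute it. The trace, the choice of API names per stage and the process ids are constructed assumptions for the example.

```python
"""Stage-chain detector over a per-process Windows API call trace (example code)."""
from collections import defaultdict

# Ordered stages of the chain. The API names are real Win32/WinINet/URLMon
# entry points; which of them a given media player's trace actually shows is an
# assumption of this example, not a finding of the paper.
STAGES = (
    ("open-link", {"InternetOpenUrlW", "InternetOpenUrlA", "ShellExecuteW", "ShellExecuteA"}),
    ("fetch-payload", {"URLDownloadToFileW", "URLDownloadToFileA", "InternetReadFile"}),
    ("drop-file", {"CreateFileW", "CreateFileA", "WriteFile"}),
    ("execute", {"CreateProcessW", "CreateProcessA", "WinExec"}),
)


def detect_chains(trace, min_stage=3):
    """trace: iterable of (pid, api_name) in call order.

    A chain must begin with an 'open-link' call; later stages may be skipped
    (e.g. URLDownloadToFile writes the file itself, so no WriteFile appears).
    Returns {pid: [stage names reached]} for processes that reached at least
    `min_stage` stages in order."""
    progress = defaultdict(int)   # pid -> index of the next stage to look for
    reached = defaultdict(list)   # pid -> stage names matched so far
    for pid, api in trace:
        s = progress[pid]
        # Ordinary file activity alone must not start a chain.
        candidates = range(0, 1) if s == 0 else range(s, len(STAGES))
        for i in candidates:
            if api in STAGES[i][1]:
                reached[pid].append(STAGES[i][0])
                progress[pid] = i + 1
                break
    return {pid: st for pid, st in reached.items() if len(st) >= min_stage}


# Constructed sample trace approximating what a sandbox would log while a media
# player plays a file carrying an embedded link; not captured from real samples.
SAMPLE_TRACE = [
    (1204, "CreateFileW"),       # player opens the video itself: no chain yet
    (1204, "ReadFile"),
    (1204, "InternetOpenUrlW"),  # stage 1: embedded link is followed
    (1204, "InternetReadFile"),  # stage 2: response body fetched
    (1204, "CreateFileW"),       # stage 3: payload written to disk
    (1204, "WriteFile"),
    (1204, "CreateProcessW"),    # stage 4: payload executed
    (2288, "CreateFileW"),       # unrelated process with only file I/O
    (2288, "ReadFile"),
    (2288, "WriteFile"),
]

if __name__ == "__main__":
    for pid, stages in detect_chains(SAMPLE_TRACE).items():
        print(f"pid {pid}: multistage chain {' -> '.join(stages)}")
```

Requiring the chain to start from a network-open call keeps benign file I/O from scoring, while allowing later stages to be skipped handles payload-fetch APIs that write the file themselves.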
Nath, H.V., Mehtre, B.M. Analysis of a multistage attack embedded in a video file. Inf Syst Front 17, 1029–1037 (2015). https://doi.org/10.1007/s10796-015-9570-5
DOI: https://doi.org/10.1007/s10796-015-9570-5
Keywords
- Multi-stage attacks
- Malicious video file
- Drive-by-download attack
- APTs
- Targeted attacks
- Novel attacks