Viral Multimedia

News.com is reporting that six critical vulnerabilities were found in libpng, a widely used library for displaying images in PNG format.  Note that libpng is open source yet no one noticed those vulnerabilities until now.  In my opinion, libpng being free and open source actually contributed to the scalability of attacks that could be launched through those vulnerabilities.

Even more disturbing is that, while patches for vulnerabilities found in end products like IE and Mozilla are quickly and widely distributed, patches for vulnerabilities in libraries often never make it, for various reasons, to the end products that use the faulty versions of those libraries.

How would you know if any of the infrequently used programs and utilities you have on your computer use vulnerable versions of popular libraries like libpng?  You don't.  Your only protection is that there are easier targets.  Unfortunately, vulnerabilities in multimedia software are starting to look more attractive to hackers.
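One partial way to check, as an added example that is not part of the original post: libpng builds normally carry a banner string of the form `libpng version X.Y.Z`, so scanning files for it surfaces bundled or statically linked copies. The first fixed version is an assumption you supply from the vendor advisory (it is not given on this page), and binaries with the string stripped will not be found.

```python
import os
import re
import sys

# Banner libpng embeds in its copyright string, e.g. "libpng version 1.2.5 - ..."
# The lookahead keeps a version cut off at a chunk boundary from matching early.
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)(?=\D)")

def embedded_libpng_versions(path, chunk_size=1 << 20):
    """Return the set of (major, minor, patch) banners found in one file."""
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            data = tail + chunk
            for m in BANNER.finditer(data):
                found.add(tuple(int(g) for g in m.groups()))
            tail = data[-64:]  # overlap so a banner split across reads is seen
    return found

def scan_tree(root, first_fixed):
    """List (path, version) for banners older than first_fixed under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                versions = embedded_libpng_versions(path)
            except OSError:
                continue  # unreadable file, skip it
            hits += [(path, v) for v in versions if v < first_fixed]
    return sorted(hits)

if __name__ == "__main__":
    # Usage (hypothetical script name): scan.py ROOT X.Y.Z
    # X.Y.Z is the first fixed release from the advisory; not given on this page.
    root, fixed = sys.argv[1], tuple(int(p) for p in sys.argv[2].split("."))
    for path, ver in scan_tree(root, fixed):
        print(f"{path}: libpng {'.'.join(map(str, ver))}")
```

A hit means the file embeds that libpng banner, not that the vulnerable code path is reachable; treat the output as a list of programs to check for updates.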

The most likely avenue of viral multimedia attack is using porn to drive wide distribution of video codec (compression/decompression) software.  The codecs don't have to carry trojans either.  All the attackers need is a handful of intentional defects to use as a wedge later.  They can even release the software as open source, since the chance of being discovered before harvest time is rather low.

Consider this a sort of social engineering attack against the little head.