the last video we saw what h I d spoofing attacks are in. This video will be discussing what malicious file slash code attacks are. This attack uses every day flash drives, and because of that, it makes it a bit easier to hide physically because, as you know, flash drives come in many forms factors
now. Within this attack, Attackers usually put malicious code within files or malicious files directly onto these drives.
Now, because of that, there's almost a limitless number of things an attacker could do with this. Tack it. Ah, it's really only limited by the Attackers skills, imagination or the machines countermeasures that the victims put them into
now. Oftentimes, this attack requires some sort of user and an intervention that requires the user actually click on these files
that not that wasn't always the case, and sometimes it isn't. But nowadays, a lot of machines have countermeasure DHS to stop files from running automatically so often times it requires users to actually click on the files.
these tax can be easily disguised that the attacker knows what they're doing.
Attackers can do things like hiding
files within other vials, practice called steganography. Maybe the hide and executed within a picture file and runs the excusable on the victim clicks on the image file.
Now the tech requires often times a second layer sister engineering for victims to click on the files.
So Attackers were often often times give files enticing names or or hide their true nature, like instead ***.
Now there are a few advantages over the h. I D spoofing attack, As I said, uh, malicious files hidden. But they can also run entirely hidden from the victim's view. So often times Ah, victim will have no idea they've been attacked. And that's that's a huge advantage to an attacker because they don't.
They would rather a victim at
have any idea that they've been attacked.
That way they can continue their attack, if that's if that's what it requires.
Another advantage, like I said, is this can use any standard flash drive so attacker doesn't have to go out and get special equipment for this attack.
Now there is a disadvantage. Of course, the Attackers have to know how to circumvent the machines countermeasures. A lot of these files are malicious, and machines can pick up on that. So an attacker has to know how to make files not appear malicious to the machines countermeasures,
so the attack could be successful.