Hello, welcome to the Thursday, April 13th, 2017 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich,

and today I'm recording from Orlando, Florida. Brad today is writing about the latest crypto ransomware

that he's observing in his environment. Now, as usual, the initial link arrives in an email. The user has to click on it,

so no attachment in these emails. And the user is then tricked into downloading a fake office plugin.

This particular ransomware is actually virtual machine aware, so it will not run in a virtual

machine, which of course does hinder reverse analysis somewhat. Brad for now is calling this

ransomware mole based on the extension it's giving encrypted files. And recently, Netflix started streaming its videos over HDPS with the idea to protect

the privacy of its viewers and not allow anybody observing the traffic to deduct what videos

you are watching.

But as pointed out by a paper just published by researchers from West Point,

it's still possible to figure out what movies you're watching based on artifacts in how

the data is being transmitted.

Videos that you're watching online are typically using variable bit rating coding.

What this means is that the video stream is compressed

and then your browser or whatever client you're using to watch the video

is sending individual HTTP requests,

essentially downloading the next piece of the video.

Because of this variable encoding, the size of these pieces varies.

And this is exactly what this paper is after.

By looking at the distribution in chunk sizes that you're downloading from Netflix,

it is actually possible to figure out what video you're watching.

Now, these researchers did catalog 40,000 different Netflix videos.

...