An analysis into the exploitation of the post-attendee URL feature in Zoom webinar regarding malware transmission

Abstract

In response to the COVID-19 pandemic, large businesses and organizations relied on video conferencing applications such as Zoom to maintain public health guidelines due in part to their robust set of features to facilitate productive group events while maintaining social distancing recommendations. While Zoom has many features that can be found in similar video conferencing applications, Zoom also contains a plethora of unique and cutting-edge features to entice modern users. However, when new features are introduced, an inherent risk of vulnerability exploitation has the potential to overshadow the benefits of the feature. One such vulnerable feature within Zoom webinar that is often overlooked is the post-attendee URL, a feature that allows Zoom webinar hosts to set a URL that participants will be redirected to after joining. This study aims to showcase the vulnerabilities of this feature by utilizing URLs of malicious websites and direct download links of files to transmit malware to Zoom webinar participants of the desktop application version of Zoom webinar. This study will also provide an analysis of the residual digital artifacts that are left behind when this feature is utilized to provide digital forensic examiners with the ability to create a comprehensive timeline of events for cases involving this type of attack.