Consider the Source, Not Just the File Type
An uptick in malware that infects music files being traded on popular peer-to-peer (P2P) file-sharing networks should give Windows users pause about downloading songs from unknown sources.
Symantec is reporting a spike in the number of audio files infected with what it calls Trojan.Brisv.A (detected as Worm.Win32.GetCodec.a by other antivirus vendors). The malicious software resides in otherwise innocuous-looking music Windows Media Audio (.wma) files that, when opened, changes all .mp2 and .mp3 files on a host system to Windows Media Audio (.wma) format.
Audio files altered by the Trojan won’t lose their .mp2 or .mp3 file extensions. Rather, the Trojan embeds in each converted media file a placeholder, so that when a victim tries to listen to it, the song is opened up in Windows Media Player. At that point, the victim is prompted to download an audio codec in order to continue playback. If the victim installs the codec, the Trojan installs a program that gives the authors control over the user’s system.
Excellent introduction to internet security.
This thing requires that you do all the stupid things you can possibly think of (except using IE, for some reason?).
Nobody downloads Windows media. Nobody uses Windows Media player. Nobody downloads strange codecs. Nobody does all this using admin rights. Nobody points a loaded gun to his own head.
Sorry, I forgot. Some people do. And then some other people make a living writing stupid articles about stupid people. What did Einstein Say? ;D
It is a bit offensive, huh!?
Lot of ignorant people around.
Some of them become wiser through knowledge, although it’s a rare quality.
I like what you post anyway Frank. It's about internet security and that's what we are about. Also some folks come here without much knowledge like I first did. Some might say I still don't have much knowledge LOL. ;D
Hi FwF and codhead,
Why should we put a link here to http://blog.washingtonpost.com/securityfix/
while we could post about this malware from our own cleansing experiences (or rather why it could not be done completely) here: http://forum.avast.com/index.php?topic=41572.0
I use VLC Media player, but that has been open to vulnerabilities as well. But how can you smile about the security unaware, as the producers of Open Office place their software for download with an older and still buggy version of Sun Java. As I always state: “Security is a form of an attitude”, and even the best of today's developers go without that attitude or awareness even, so we still have a lot of education to do,
polonus
Hi malware fighters,
Let us talk a bit about the root of the problem. One: the virus is hidden inside a Wmx container file, this is because of the unwise decision (once made) to take up a direction inside this file to a codec that is needed.
Whenever you use audio/video standards (open or closed software does not matter) including this feature is an unwise thing to do. The proof-of-concept for this type of malware exists from 1999 onwards. Microsoft has been informed about this long ago and many times, but they never sort of addressed this issue(s) seriously.
Two: More and more users of Windows do not use an active Software or Hardware Firewall.
Three: Block Windows Media Player, so you will not be prompted about missing codecs or video code, and work it offline…
So old technique really, and 1.6 million users infected through malicious music files,
so draw your conclusions,
polonus
Yes, indeed. According to Secunia, that version of Java, update 7, has 71 unpatched vulnerabilities, IIRC. I’m using the latest security update, Version 6 Update 11. (Update 12 has no security fixes.) OO.org doesn’t seem to be able to use Update 11 for some of its Java dependent features, but I can live without those. Hope they fix it in OO.org 3.1.
Hi Polonus, I was simply saying that I thought Frank's post was thoughtful in warning people who do not know about problems with Windows Media Player. I have blocked Windows Media Player inbound and outbound on my firewall as I have learned through people like Frank posting that it is open to risks. I was simply saying I am sure someone will find it useful. ;)