ClickAider

notesNcodes

notesNcodes
random notes, random codes

New Trojan infecting multimedia files



I don’t understand why people don’t get rid of these Microsoft’s default apps (Windows Media Player, Internet Explorer) as soon as they install their OS. They are absolutely useless piece of junks.

Most of those who have and still are using it must have noticed that you frequently are asked to download new codec when you play multimedia files thru Windows Media Player. And most of us don’t even bother to check what the codec are or what they really are for…we just click ok. Well, this might be the biggest mistake you are doing. Microsoft media formats have long been used for hijacking WMP for malicious purposes (one of the reasons why tech savvies don’t use WMP).
Just look at this new breed of Trojan which is using Windows Media Player (WMP) as its carrier. Actually there is this new malware that inserts links to dangerous web pages within ASF (Advanced Systems Format) media files. If a user plays an infected music file, it will launch Internet Explorer and load a malicious web page that asks the user to download a codec if you want to play the media file. And if you click ok the actual download is not a codec but a Trojan horse that installs a proxy program on the PC that hijackers use to cover their tracks for their other malicious activity. The malware is also said to be capable of converting files such as MP2 and MP3 into Windows Media Audio (WMA) format. So, none of your music files are safe. Once downloaded the pop up will not appear which gives a feeling to the users that the codec was successfully downloaded which is just what the hijackers want us to think. Now if the multimedia files are shared through a peer-to-peer network, anyone who downloads music or video file from an affected system will be at risk of getting infected as well.


Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it “Trojan.ASF.Hijacker.gen,” and Kaspersky calls it “Worm.Win32.GetCodec.a.”

The best suggestion I give is to just get rid of that damn Window’s Media Player.

1 comments:

  emil

July 26, 2008 at 11:51 AM

i mostly use JetAudio as media player, firexfox and opera as browser.
windows inbuilt program are just for common use.
they donot provide special features.