New Trojan in the wild targeting multimedia files

By Negar Salek
Jul 14, 2008 3:32 PM | 2 Comments
Tags: MP3 | Trojan | Multimedia | WMV | WMA
Secure Computing is warning of a new Trojan in the wild that is infecting multimedia files on a victim’s hard disk.

The initial infection arrives from a pirate software warez site, where users go looking for illegal cracks or serial keys to run copy-protected software.

According to the vendor's security advisory, when playing back the infected files, the user is fooled into believing a codec is needed to play back the content.

When downloading the advertised fake codec, the user instead installs the malware, which embeds malicious content into multimedia files such as MP3 and WMA music files, WMV video files and others.

Eric Krieger, country manager for ANZ at Secure Computing, told SC that one of the infected MP3 files includes music from 70's rock group Queen's Greatest Hits album.

“The bottom line is you shouldn’t be looking to download the codec, that’s the major thing, and once you have it installed it injects the command and causes the WMP to redirect,” said Krieger.

When the user plays any infected files, no sign of compromise will show up and they will never know they’ve been infected, warned Secure Computing.

When a user then shares a file via email or a P2P site, those infected multimedia files are then transferred to someone else.

“It’s not a Windows issue, it’s an MP3 issue and you need to update your anti-virus signature to stay protected. It’s just something that users have to be aware of,” said Krieger.
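A defender-side check for the behaviour described above, added here as an example and not taken from Secure Computing's advisory: it lists the script commands stored in the header of a WMA/WMV (ASF) file, which is one place a player redirect can live. That the Trojan's injected "command" is an ASF script command is an assumption, since the article does not name the mechanism; the function and variable names are this example's own.

```python
import struct
import uuid

# Object GUIDs from the ASF container format used by WMA/WMV files.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")

def _utf16(buf, pos, nchars):
    """Decode nchars UTF-16LE characters at pos; return (text, next position)."""
    end = pos + 2 * nchars
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[pos:end].decode("utf-16-le", "replace").rstrip("\x00"), end

def _parse_script_object(body):
    """Parse a Script Command Object body into [(type, value, time_ms)]."""
    out = []
    try:
        # Skip the 16-byte reserved GUID, then read command and type counts.
        n_cmds, n_types = struct.unpack_from("<HH", body, 16)
        pos, types = 20, []
        for _ in range(n_types):
            (n,) = struct.unpack_from("<H", body, pos)
            name, pos = _utf16(body, pos + 2, n)
            types.append(name)
        for _ in range(n_cmds):
            time_ms, idx, n = struct.unpack_from("<IHH", body, pos)
            value, pos = _utf16(body, pos + 8, n)
            out.append((types[idx] if idx < len(types) else "?", value, time_ms))
    except (struct.error, ValueError):
        out.append(("?", "<malformed script command object>", 0))
    return out

def script_commands(data):
    """Return every script command found in the ASF header of data (bytes)."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        return []                  # not an ASF file, e.g. a plain MP3
    header_end = min(struct.unpack_from("<Q", data, 16)[0], len(data))
    found, pos = [], 30            # 30 = GUID + size + object count + 2 reserved
    while pos + 24 <= header_end:
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if size < 24 or pos + size > header_end:
            break                  # malformed object size: stop walking
        if guid == ASF_SCRIPT_COMMAND:
            found += _parse_script_object(data[pos + 24:pos + size])
        pos += size
    return found
```

Legitimate files can also carry script commands (captions, for instance), so review the reported type and value rather than treating every hit as an infection.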

 
Comments: 2
How is this even possible if it's not WMP or Realplayer? There are very few media players that actually attempt to download codecs, and even fewer that attempt to download codecs from unsecured sites.. "Not a Windows issue".. I don't get this, show me an "Mp3 virus" that works platform independently (for linux, Mac, BSD, Windows).. Doesn't exist.
Posted by what.. Jul 15, 2008 7:32 PM


I am a programmer and at first also could not believe such news make it to the Internet. I mean how can a media file carry a virus. However consider this scenario. Given that many multimedia formats, including if I am not mistaken the MP3 (I MAY be wrong), specify in the header the codec that is used to decode the file. Additionally, the header then may specify the domain which hosts the official (www.divx.com/download/codec for DivX for instance) codec, perhaps even platform independent version. Now, given that the multimedia format acknowledges and recommends such practice of embedding such URL and hinting playing software to go fetch the software to decode a new codec variation, anybody with access to the media file might spoof such URL, which will lead playing software to download a trojan horse instead of a codec. My two cents. Essentially media files cannot carry a payload, since they are hardly considered to be "executable". But indirectly, they might, in theory at least, and depending on player software practice.
Posted by Amn Jul 16, 2008 11:18 AM

