For a little over a month now, researchers at Secure Computing have watched a Trojan in the wild that is infecting normal multimedia files like MP3 and WMA audio streams and WMV videos. If infected, all multimedia files on a user’s Mac or PC will be compromised, and those files can spread to other computers if shared via e-mail or P2P sites like Limewire.
Secure Computing discovers an interesting P2P based Malware attack. (IMG: J.Anderson)
Once a user downloads an infected file and attempts to play it back, they are then prompted to install a codec. Unsurprisingly, this codec contains the Malware.
So how is this different from other codec type attacks? Christoph Alme, Team Lead from Secure Computing’s anti-Malware Research Labs, took the time to explain it.
"The sophisticated new technique that they employ in this Trojan is that they take your existing multimedia files and add their malicious content to them. MP2 and MP3 files are converted into the WMA audio format before infection, but the file extension remains .mp3 so there's no sign of tampering other than the file size that has grown a little," outlined Alme.
"On the machine compromised by the Trojan, playing one of the infected audio or video files does not even show any suspicious signs, so this first stage of attack remains quite silent. Only after the victim uploaded some of his files to file sharing portals or peer-to-peer networks, and others download these and play them, then will they get a message telling them they'd need to install a missing codec. The fake codec turns out to be a password-stealing malware."
Yet another lesson as to why Limewire is bad.
Richard L Sharp, Jul 16th, 2008 - 15:50:17
You don't think this is the RIAA or MPAA using their logical response to their own obsolescence?