Spyware Tunnels in on Winamp Flaw

Andy Philips writes "A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software. "After surfing to a malicious Web site on our test machines, the file 'x.pls' begins to download, Almost immediately, Winamp starts to execute the play list and remote code execution begins." Sunbelt's Adam Thomas wrote in a posting. The Winamp problem affects version 5.12 of the media player. Earlier versions may also be affected."

Vulnerability is optional

[quentin_quayle]

I know you will all correct me if I'm wrong, but if you don't have the .pls as a trigger for Winamp as a plugin, you're not vulnerable. Just set your browser to do something else with .pls (like offer to download). Or trash the file type association or set it for something other than Winamp.

Or if you're a luddite like me and can't stand plugins, prevent them all from working by commenting out the plugins lines in:
C:\Program Files\Common Files\mozilla.org\GRE\ [version here] \greprefs\all.js

This is assuming you use Mz or FF for web on Windows like a sensible person.

Move Along

[Billosaur]

As usual, nothing to see here...

From ZDNet Asia: The flaw was disclosed on Monday, when Winamp maker Nullsoft, a division of America Online, released an update to fix it. The company posted version 5.13 of Winamp, while Secunia and other security companies issued alerts about the problem. Secunia rated the issue "extremely critical," its highest rating.

Flaw detected and removed. New version of Winamp out. Get the new version. Protected. Not much more difficult than that. Shouldn't there a be a "Software Vulnerabilties" section to Slashdot, where these things could be posted?

Re:Move Along

[RonnyJ]

Shouldn't there a be a "Software Vulnerabilties" section to Slashdot, where these things could be posted?

That's certainly an option, however Winamp is a hugely popular media player. I'm sure many Slashdot readers have Winamp, and wouldn't visit such a section regularly, so fairly 'big' stories like this should at least be posted to the front page too. At the very least, I know now that I need to update Winamp.

Foobar2000

[Idimmu+Xul]

A small plug for the greatest MP3 player in existance, Foobar2000

It's so awesomely customisable, it hurts.

There are other applications to use

[hcoder]

It should be noted that no application is secure enough (except some 'Hello World!' implementations). It's not unusual that one should get hotfixes, service packs, etc. to keep ones system (relatively) secure against crackers. If you like winamp get the update and relax. As other folks said you may use other applications, mplayer is my favourite one. Of course I run it on Linux.

Re:It's that Damn Llama's Fault

I used winamp too - until i found foobar2000 [foobar2000.org]

It supports virtually all posible audio codecs, and sound quality is much better

From foobar2000.org:
Does foobar2000 sound better than other players?
No. Most of "sound quality differences" people "hear" are placebo effect (at least with real music), as actual differences in produced sound data are below their noise floor (1 or 2 last bits in 16bit samples). Foobar2000 has sound processing features such as software resampling or 24bit output on new high-end soundcards, but most of other mainstream players are capable of doing the same by now.

:-)

Re:It's that Damn Llama's Fault

[mrdaveb]

I agree that Winamp 2 used to be great and Winamp 3 was horribly bloated. But what you really want to do is run the latest Winamp 5 with either the tiny Lite version, or the full version without modern skins. It has the same small memory footprint as Winamp 2... The only advantage of using Winamp 5 is that some of the recently discovered security holes have probably actually been in there the whole time and you might be putting yourself at risk if you run a really old version.