Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Tunnels in on Winamp Flaw

Posted by Hemos on from the hey-now-get-your-upgrade-on dept.

Andy Philips writes "A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software. "After surfing to a malicious Web site on our test machines, the file 'x.pls' begins to download, Almost immediately, Winamp starts to execute the play list and remote code execution begins." Sunbelt's Adam Thomas wrote in a posting. The Winamp problem affects version 5.12 of the media player. Earlier versions may also be affected."

5 of 176 comments (clear)

  1. Re:It's that Damn Llama's Fault by iezhy · · Score: 4, Insightful

    I used winamp too - until i found foobar2000

    It supports virtually all posible audio codecs, and sound quality is much better

  2. Re:Why don't they make a law... by LiquidCoooled · · Score: 3, Insightful

    Because there is nothing wrong with fucking up your own computer.
    There is nothing wrong with telling people how to fuck up their computers as well.

    There is however something wrong if you use these tools to automatically fuck up other peoples computers.

    --
    liqbase :: faster than paper
  3. Re:It's that Damn Llama's Fault by zerocool^ · · Score: 4, Insightful


    For starters, you can go to www.oldversion.com and get winamp 2.95 along with a bunch of other versions. The train wreck that was winamp3 was also mostly corrected when they went to winamp5, and if you see from (http://www.winamp.com/player/free.php) there's a "lite" version that weighs in at 0.85MB, and which supports mp3, wav, ogg, au, midi, cda, aac, etc. Since it doesn't support modern skins, I would suspect that it's probably just a rehash of 2.9x

    I don't use the video features of Winamp. They were present in 2.95, but they weren't bloated yet. And I don't think it was a grab at the windows media player headspace. It really seemed like they just tacked it on because it wasn't hard to do. I think it uses the windows renderer and codecs anyway, just without all the crap in WMP.

    Anyway, yeah, I still use 2.95 of winamp, just like I still use instant messanger 4.8. I'm open to change; I'm just not going to "upgrade" to a bloated product. What is it with software these days, anyway? Every piece of software tries to be everything to everyone. Ugh.

    ~Will

    --
    sig?
  4. Re:Vulnerability is optional by yoyhed · · Score: 3, Insightful
    Know what else is funny? I don't remember this discussion being an OS debate. We've all heard your argument before, we all know Linux is less susceptible to spyware, and we know Microsoft was determined to be a monopoly by the courts.

    The grandparent poster's suggestion was assuming the user had Windows because the discussion is about fucking WINAMP, a WINDOWS program. I'd say anyone using Windows who was sensible would indeed use Firefox (or Opera), as the GP said.

    You don't need to jump on every comment that mentions Windows and promote Linux in such a zealous/inflammatory fashion, especially when the comment about Windows was helpful and was promoting OSS like Firefox.

    --
    WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
  5. Just one question by SuperKendall · · Score: 4, Insightful

    Are there more computers running OS X than there are active copies of WinAMP?

    If so, why are there currently no OS X viruses yet when we see an active WinAMP exploit?

    Food for thought.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley