Slashdot Mirror


Spyware Tunnels in on Winamp Flaw

Andy Philips writes "A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software. "After surfing to a malicious Web site on our test machines, the file 'x.pls' begins to download. Almost immediately, Winamp starts to execute the play list and remote code execution begins," Sunbelt's Adam Thomas wrote in a posting. The Winamp problem affects version 5.12 of the media player. Earlier versions may also be affected."

5 of 176 comments

  1. Oh by kvant · · Score: 5, Funny

    I was wondering why my mp3-collection was suddenly trying to sell me penis-lengthening pills!

  2. So now it... by Robotech_Master · · Score: 5, Funny

    ...whips your computer's ass, as well as the llama's.

    --
    Editor Emeritus and Senior Writer, TeleRead.org
  3. Vulnerability is optional by quentin_quayle · · Score: 5, Informative

    I know you will all correct me if I'm wrong, but if you don't have the .pls as a trigger for Winamp as a plugin, you're not vulnerable. Just set your browser to do something else with .pls (like offer to download). Or trash the file type association or set it for something other than Winamp.

    Or if you're a luddite like me and can't stand plugins, prevent them all from working by commenting out the plugins lines in:
    C:\Program Files\Common Files\mozilla.org\GRE\ [version here] \greprefs\all.js

    This is assuming you use Mz or FF for web on Windows like a sensible person.

  4. Move Along by Billosaur · · Score: 5, Informative

    As usual, nothing to see here...

    From ZDNet Asia: The flaw was disclosed on Monday, when Winamp maker Nullsoft, a division of America Online, released an update to fix it. The company posted version 5.13 of Winamp, while Secunia and other security companies issued alerts about the problem. Secunia rated the issue "extremely critical," its highest rating.

    Flaw detected and removed. New version of Winamp out. Get the new version. Protected. Not much more difficult than that. Shouldn't there be a "Software Vulnerabilities" section to Slashdot, where these things could be posted?

    --
    GetOuttaMySpace - The Anti-Social Network
  5. Re:It's that Damn Llama's Fault by Anonymous Coward · · Score: 5, Informative

    I used Winamp too - until I found foobar2000 [foobar2000.org]

    It supports virtually all possible audio codecs, and sound quality is much better

    From foobar2000.org:
    Does foobar2000 sound better than other players?
    No. Most of "sound quality differences" people "hear" are placebo effect (at least with real music), as actual differences in produced sound data are below their noise floor (1 or 2 last bits in 16bit samples). Foobar2000 has sound processing features such as software resampling or 24bit output on new high-end soundcards, but most of other mainstream players are capable of doing the same by now.

    :-)