Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worm Transcodes MP3s To Infect PCs

Posted by kdawson on from the just-don't-click dept.

snydeq writes "Kaspersky Labs has discovered malware that inserts links to malicious Web pages within ASF media files, posing a danger to Windows users who download music files from P2P networks. Infected files launch IE and load a page that asks the user to download a codec. The download, a Trojan horse, installs a proxy program to route other traffic through the PC. The malware also has worm-like qualities, according to Secure Computing. It searches for MP3s, transcodes them to WMA format, wraps them in an ASF container, and adds links to further copies of the malware, all without modifying the .MP3 extension."

20 of 385 comments (clear)

  1. Nice by Anonymous Coward · · Score: 5, Insightful

    Way to go Microsoft!

    Is there anything these morons can't fuck up?

    1. Re:Nice by Trigun · · Score: 2, Insightful

      If there is one thing that is guaranteed in life, it is stupidity. Count on that, and remove the other vectors.
       

    2. Re:Nice by geogob · · Score: 2, Insightful

      This is really clever. That way of using the file container to get the user to download false codecs.

      I wonder if it could work with other wrappers, like AVI, Quicktime, etc. Maybe not in their original state, but with slight modifications that could fool the player.

      I wasn't aware of all the capabilities of the ASF wrapper, but that sure was a ticking time bomb.

  2. Re:wow, that's evil by Z00L00K · · Score: 4, Insightful

    Maybe it's the RIAA that wants us to get rid of all our MP3:s downloaded from various sources?

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. Data vs Program by mlwmohawk · · Score: 5, Insightful

    Microsoft has a SERIOUS design pathology. They too often confused "data" with "program." Every G.D. thing in Windows can, in some way, initiate an action. This is a problem.

    A "music" file should be data. E-mail should be DATA! This is absolutely crazy. Making everything capable of being interpreted as programmatic content is at best a security flaw.

    1. Re:Data vs Program by mlwmohawk · · Score: 2, Insightful

      Computer users (yourself included, me too!) have demanded more automation,

      Speak for yourself. I don't want "automation" and most of my family and friends get confused by it, "Hey, why is it doing that?" is the typical response.

      they want less user interaction, thus MS and everybody else will develop for these wants.

      You are confusing "wanting it to work" and "automation." Clicking, or double clicking, on an icon in a window and having the correct player pop up and play the file correctly is what people want. That is, in fact, *all* they want. No one asked for media files that would "automate" anything.

      User's don't even understand computers at the level where they could ask for such a thing. If they did, they wouldn't even ask. I submit that much of the push for programmatic content within media is from the *IAA types looking to extend control.

      I remember when email was just that data!, had to uuencode/uudecode anything binary

      There is no reason why an email message has to contain programmatic content for an email program to be able to properly decode an attachment. That's what MIME types are all about.

  4. Re:Nothing New... by dreamchaser · · Score: 4, Insightful

    You should turn in your geek card for falling for that one! Any site you don't 100% trust that asks you to install a codec for a file format you can play already screams 'malware' in a loud shrill voice.

  5. von Neuman rolls in his grave by Gothmolly · · Score: 5, Insightful

    This is why you separate the executable code from the data.

    --
    I want to delete my account but Slashdot doesn't allow it.
  6. Re:What player? by X0563511 · · Score: 2, Insightful

    My question is how the hell that works? Why is it even possible to do that!?

    Data comes in, gets split into an audio stream and a video stream. You look at the magical tags and figure out which decoder to fire up. Feed compressed data into the decoder, get decompressed data out. Pass the video data to the display pipeline, and the audio data to the audio pipeline.

    There should be no way to execute anything from those pipelines.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  7. Re:Gentlemen, by thrillseeker · · Score: 4, Insightful

    Next up ... how DRM protects you from virus laden mp3s

  8. "Windows XP is our most secure OS ever" by Joce640k · · Score: 2, Insightful

    ...apart from the ActiveX and the email program which auto-runs attachements and the music files which can launch the browser and the RPC daemon which can't be firewalled and the universal plug and play daemon which allows "drivers" to travel around networks and....

    Defective by design.

    --
    No sig today...
  9. Re:Richard Stallman Says... by paradxum · · Score: 2, Insightful

    Yes, I too remember the days when there was little if any monetary gain to be had from writing a virus or hacking in general.

    But those days are gone, there is money to be made... now that it pays to hack, the onslaught will only get worse.

  10. hidden extensions by Kenshin · · Score: 4, Insightful

    I hate how Windows has hidden file extensions in every version since XP. It's supposed to make the machine more Mac-like and friendlier, but it is a serious security concern.

    I try to turn it off on every machine that I'm asked to setup or fix, but occasionally I get someone who deletes the "unfamiliar" file extensions from their files and ends up not being able to open them.

    --

    Does it make you happy you're so strange?

  11. Re:wow, that's evil by DickBreath · · Score: 2, Insightful

    >Just run your antivirus over your downloads before playing.

    Do you really believe this would be effective?

    Wouldn't it be more important to run your antivirus on your codecs before installing?

    --

    I'll see your senator, and I'll raise you two judges.
  12. Re:wow, that's evil by razorh · · Score: 3, Insightful

    Or you could, y'know, stop being a thieving scumbag and support music by buying from the artists.

    How do you buy music from artists that are represented by the RIAA? Seems to me that most of the money you spend when buying most of the music the RIAA cares about isn't going to the artist in the first place.

  13. Re:Dont use untrusted codecs! by ConceptJunkie · · Score: 4, Insightful

    The irony is that in all these years, I don't think I've ever seen WMP successfully find and install a codec it was missing. I just end up with a message saying it couldn't find the codec that doesn't even tell me which codec it was looking for. Then it turns out this all just another malware attack vector.

    In 2000, this problem would have "more of the same" but the fact that this still exists in 2008 is insane. I mean Microsoft publicly admitted their security is awful in 2000, took four years to make a decent attempt to correct things, and yet here we are four years after that...

    Thanks, Microsoft. Thanks a lot. You give new meaning to word FAIL on a daily basis.

    --
    You are in a maze of twisty little passages, all alike.
  14. Re:wow, that's evil by MadnessASAP · · Score: 2, Insightful

    Wouldn't it be more important to run your antivirus on your codecs before installing?

    Even better idea, Install VLC and CCCP and if it wont play with either of those then you probably don't want to watch it anyways.

    --
    I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
  15. Re:wow, that's evil by Kiaser+Zohsay · · Score: 2, Insightful

    Where did concerts come into this?

    GGGP wrote "support music by buying from the artists" which then led to a comparison of alternate methods of supporting the artists, ergo concerts. A legitimate (OT) point, and not a straw man. However, between the venues, concert promoters and TicketBastard, the concert business is ripping off artist almost as badly as the recording labels.

    When voting with your dollars, deciding where *not* to spend is every bit as important as where to spend. There is no substitute for doing your homework.

    --
    I am not your blowing wind, I am the lightning.
  16. Another good reason by Snaller · · Score: 2, Insightful

    To user mplayer to play your files.

    --
    If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
  17. To the non-technically savvy .... by PPH · · Score: 2, Insightful
    ... this goes like:

    (Blah, blah blah blah, blah) codec (blah blah, blah. Blah.)

    [Allow] or [Cancel]

    --
    Have gnu, will travel.