Worm Transcodes MP3s To Infect PCs

Posted by kdawson on Friday July 18, 2008 @02:34AM from the just-don't-click dept.

snydeq writes "Kaspersky Labs has discovered malware that inserts links to malicious Web pages within ASF media files, posing a danger to Windows users who download music files from P2P networks. Infected files launch IE and load a page that asks the user to download a codec. The download, a Trojan horse, installs a proxy program to route other traffic through the PC. The malware also has worm-like qualities, according to Secure Computing. It searches for MP3s, transcodes them to WMA format, wraps them in an ASF container, and adds links to further copies of the malware, all without modifying the .MP3 extension."

3 of 385 comments (clear)

Min score:

Reason:

Sort:

Nice by Anonymous Coward · 2008-07-18 02:38 · Score: 5, Insightful

Way to go Microsoft!
Is there anything these morons can't fuck up?
Data vs Program by mlwmohawk · 2008-07-18 02:46 · Score: 5, Insightful

Microsoft has a SERIOUS design pathology. They too often confused "data" with "program." Every G.D. thing in Windows can, in some way, initiate an action. This is a problem.
A "music" file should be data. E-mail should be DATA! This is absolutely crazy. Making everything capable of being interpreted as programmatic content is at best a security flaw.
von Neuman rolls in his grave by Gothmolly · 2008-07-18 02:54 · Score: 5, Insightful

This is why you separate the executable code from the data.

--
I want to delete my account but Slashdot doesn't allow it.