Posted on 01/11/2005 7:32:42 AM PST by holymoly
Downloads malicious application when video files are run
Security experts have intercepted two malicious Trojans hidden in video files that download and install spyware, diallers and computer viruses when played in Microsoft Windows Media player.
PandaLabs warned that Trj/WmvDownloader.A and Trj/WmvDownloader.B, are spreading through P2P networks hidden in video files. These Trojans take advantage of technology incorporated in Microsoft Windows Media player called Windows Media Digital Rights Management (DRM), designed to protect the intellectual property rights of multimedia content.
When a user tries to play a protected Windows media file, this technology demands a valid licence. If the license is not stored on the computer, the application will look for it on the internet, so that the user can acquire it directly or buy it. This technology is incorporated through the Windows XP Service Pack 2 + Windows Media Player 10 update.
The video files infected by these Trojans have a .wmv extension and are protected by licences, supposedly issued by the companies overpeer (for Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B).
If the user runs a video file that is infected by one of these Trojans, the files pretend to download the corresponding licence. However, what they actually do is redirect the user to other internet addresses from which they download adware, spyware, diallers (applications that dial-up high rate toll numbers) and viruses, security experts at PandaLabs said.
Below are some examples of the malicious programs and viruses these Trojans download:
Adware/Funweb
Adware/MydailyHoroscope
Adware/MyWay
Adware/MyWebSearch
Adware/Nsupdate
Adware/PowerScan
Adware/Twain-Tech
Dialler Generic
Dialer.NO
Spyware.AdClicker
Spyware/BetterInet
Spyware/ISTbar
Trj/Downloader.GK
"Even though these Trojans have been detected in video files with extremely variable names which can be downloaded through P2P networks like KaZaA or eMule, bear in mind that they can also be distributed through other means, such as files attached to email messages, FTP or Internet downloads, floppy disks, CD-ROM, etc," PandaLabs warned.
For further information about Trj/WmvDownloader.A, Trj/WmvDownloader.B or the malicious programs and viruses these Trojans try to download, click here
When I get there (privacy)I have a sliding bar which is set at Medium high and the only choice there is whether to put on, or off, the pop-up blocker.
I have windows XP - Tom
Also, dial-up users need to change their 'dialing' control to prohibit automatic dialing.
[I don't remember whether that is under Internet Options or Dial Up Adapter.]
It's "Tools->Options" in Windows Media Player, not in IE.
He could run, though!
That's the privacy tab in Internet Exploder, open windows media player and go into that TOOLS/OPTIONS/Privacy.
Only if used correctly! LOL!
Thanks. Got it.
I brought up window media player. There was no mention of tools or options. I looked the whole page over, and on the upper far right was a very small arrow. I clicked the arrow and a drop down menu came down and it is where I was able to find it.
Thanks again. - Tom
For the PC-challenged, this "Tools" menu would be found... where? In the Windows Media Player.... or elsewhere?
Use WinAMP
Thank you for the help! I hate spyware.
That doesn't catch everthing!
New warnings.
Crap!!!!!!!!
Yep, been getting some of those myself lately...
McAfee on the job, intercepted and deleted.
poing
"In this case, they're using technology meant to secure content. It just shows that the more bells and whistles you add to the technology, the more you open doors for the bad guys," [Patrick Hinojasa, chief technical officer at Panda Software] said.
Will MS never learn?
FYI
NEVER download anything from Microsoft... all Microsoft software is MALWARE
just recently i tried to uninstall an older version of Windows Media Player -- it refused to go! it took about four or five tries, and broke several other apps in the process... i cannot describe the relief in actually finally succeeding in getting rid of most of it.
WinAMP is much safer...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.