Posted on 01/11/2005 7:32:42 AM PST by holymoly
Downloads malicious application when video files are run
Security experts have intercepted two malicious Trojans hidden in video files that download and install spyware, diallers and computer viruses when played in Microsoft Windows Media player.
PandaLabs warned that Trj/WmvDownloader.A and Trj/WmvDownloader.B are spreading through P2P networks hidden in video files. These Trojans take advantage of technology incorporated in Microsoft Windows Media player called Windows Media Digital Rights Management (DRM), designed to protect the intellectual property rights of multimedia content.
When a user tries to play a protected Windows media file, this technology demands a valid licence. If the license is not stored on the computer, the application will look for it on the internet, so that the user can acquire it directly or buy it. This technology is incorporated through the Windows XP Service Pack 2 + Windows Media Player 10 update.
The video files infected by these Trojans have a .wmv extension and are protected by licences, supposedly issued by the companies overpeer (for Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B).
If the user runs a video file that is infected by one of these Trojans, the files pretend to download the corresponding licence. However, what they actually do is redirect the user to other internet addresses from which they download adware, spyware, diallers (applications that dial-up high rate toll numbers) and viruses, security experts at PandaLabs said.
Below are some examples of the malicious programs and viruses these Trojans download:
Adware/Funweb
Adware/MydailyHoroscope
Adware/MyWay
Adware/MyWebSearch
Adware/Nsupdate
Adware/PowerScan
Adware/Twain-Tech
Dialler Generic
Dialer.NO
Spyware.AdClicker
Spyware/BetterInet
Spyware/ISTbar
Trj/Downloader.GK
"Even though these Trojans have been detected in video files with extremely variable names which can be downloaded through P2P networks like KaZaA or eMule, bear in mind that they can also be distributed through other means, such as files attached to email messages, FTP or Internet downloads, floppy disks, CD-ROM, etc," PandaLabs warned.
Security Ping!
Run ZoneAlarm and force it to always alert you when a program seeks to connect to the net.
"2.) Don't play WMV files."
Most of my porn is WMV. What do I do? I knew this was going to be a bad day.
http://housecall.trendmicro.com/
Ease your mind and scan your PC for viruses.
Some may also find this useful:
PCWorld: How to Install a Firewall
A better solution is to turn off the "acquire licences automatically" option (under the Privacy tab in Tools -> Options).
WINDOWS MEDIA PLAYER
TOOLS>OPTIONS>PRIVACY
Uncheck ACQUIRES LICENSES AUTOMATICALLY
You are now immune to that attack. While you are at it, uncheck all of the boxes on the privacy tab and you will be better off.
Wow. A Canadian address with no postal code.
Must be old.
I thought Trojans PREVENTED the spread of viruses.
Azcap, thanks for the tech tip. I just followed your instructions.
madison
"This is getting pretty old" ping
bttt
Windows security ping
You owe me one keyboard. There's coffee everywhere!
Seeing how I'm running a Safari browser on Mac OS X, their code is just a bit shaky...
"Run ZoneAlarm and force it to always alert you when a program seeks to connect to the net."
Worth repeating, it's FREE. Works great...
www.zonelabs.com
Ping!