New malware aims at music from P2P networks

Security vendor Kaspersky Lab has made note of a new type of trojan that is aimed at Windows users who download music through popular P2P networks such as LimeWire.

The malware inserts malicious links into ASF files. ASF is a container format that is usually used for audio and video streams but can also hold images or links to websites.



"The possibility of this has been known for a little while but this is the first time we've seen it done," said David Emm, senior technology consultant for security vendor Kaspersky Lab.

When a user plays an infected file, Internet Explorer is launched and a site is loaded telling users they need to download a codec to play the file. The "codec," of course, is a trojan that then installs a proxy program on your PC. As with other proxy programs, hackers can then route traffic through the infected computer, creating a shield to cover their tracks.

Making the malware even more vicious, once your computer is infected it looks for any MP3 file it can find, transcodes it to WMA, wraps it in an ASF container with the malicious links added, and starts the cycle again.

"Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream," Secure Computing, another firm, said.

The trojan goes by different names, such as "Troj_Medpinch.a," "Trojan.ASF.Hijacker.gen" or "Worm.Win32.GetCodec.a," depending on your Internet security package.

Written by: Andre Yoskowitz @ 20 Jul 2008 17:42
  • 22 comments
  • DoomLight

    this is why i tell no one to use limewire. it's a virus factor just like when Kazaa got popular.

    removing that kind of spyware usually damages the registry so bad u have to reformat the computer almost every time.

    20.7.2008 17:51 #1

  • DVDBack23

    I would also like to apologize for the strange formatting of the article that some users may experience. It will be fixed soon.

    20.7.2008 17:51 #2

  • nonoitall

    Sadly, many newcomers will probably get suckered into this. I doubt experienced users would download an ASF file anyway.

    20.7.2008 18:03 #3

  • Aylmer

    <DELETED>

    20.7.2008 18:18 #4

  • windsong

    Why would anyone use Limewire anyway? The place is crawling with Feds anyway, thanks to all of the cp traders.

    Usenet is where the best stuff is at.

    20.7.2008 21:40 #5

  • dude845

    This isn't new... This type of virus has been going on for ages... people deserve this and more though if they want to download child porn. The rest of the people who are downloading regular porn, movies, music videos just need to be safe i'd say and use torrents.

    21.7.2008 00:56 #6

  • Pop_Smith

    Limewire isn't that great, especially for music. Torrents mean higher-quality and almost zero viruses.

    However, I wonder why it transcodes the files to WMA and re-wraps it in a ASF container. It's probably because Windows Media Player can read ASF files, which makes the infection more likely to happen, however that is just an educated guess.

    Peace

    21.7.2008 02:12 #7

  • xSModder

    can anyone say M$?
    conspiracy starts here

    21.7.2008 02:50 #8

  • venomX05

    yup, i use limewire, for like a song or 2, nothing major...got all 3 of the trojans...but damn it if my av didn't catch them asap...lol...love mcafee, not only did it catch it before it was completed, it automatically deleted it as well.

    gotta love it.

    21.7.2008 08:19 #9

  • 7thsinger

    I've never been real fond of Limewire anyway; there are better places for good quality music without hoping your antivirus program catches the nasties before your pc gets 'em.

    This is one more reason to avoid Limewire.

    21.7.2008 08:40 #10

  • sgriesch

    Originally posted by xSModder: can anyone say M$?
    conspiracy starts here

    I was thinking Music/Movie industry myself.

    21.7.2008 09:24 #11

  • DarkElder

    I hope I'm safe... I'm still using Compuserve to get on Napster

    21.7.2008 09:39 #12

  • 21Q

    Yeah. I've told everyone I know to stay away from limewire. But do any of them listen? Nope. Tis why I don't fix their computers for them. Ever since I signed for this site I started becoming aware of these things. Granted that was a long time ago, but it still helped.

    21.7.2008 10:44 #13

  • emugamer

    I loved Limewire.....3 years ago.

    21.7.2008 12:11 #14

  • blueroad

    cough ** get bittorrent idiot! ** cough

    21.7.2008 14:25 #15

  • lynchGOP

    I use Bearshare Pro (Jacked of course) for over 6 years now and I have NEVER received a virus for the individual songs I download. In addition, I use bittorrent for whole albums but again................I have NEVER received a virus via Bearshare. Same 'network' (gnutella) as Limewire too.

    And I'm going on the record by saying----If you or anyone consciously plays a "song", whatever the format, and then KNOWINGLY DOWNLOADS A CODEC BY BEING REDIRECTED then you're a f'ing idiot and the punishment should be much more severe than that. There is no excuse or justifiable reason for STUPIDITY. Pull your head outta your ass and START USING IT BY 'THINKING'.

    No remorse, no regrets no 'feeling bad'

    21.7.2008 15:03 #16

  • lynchGOP

    Originally posted by xSModder: can anyone say M$?
    conspiracy starts here

    Whatever!! Keep your dumbass thoughts to yourself!!! Yeah...........and the 'government' knowingly hired Al Qaeda to blow up the WTC and no plane crashed into the Pentagon and "buildings don't collapse from heat and fire" like the WTCs did.

    Get a job........
    Get a clue........
    GET AN EDUCATION!!!!

    21.7.2008 15:11 #17

  • xSModder

    lol whatever, I don't believe any of that and don't really like anyone that does, because it's nonsense

    nobody just goes and makes a filewrapper that converts to wma and makes the file doomed to repeat the process. maybe saying M$ was too small, does saying RIAA get you more hot?

    21.7.2008 16:06 #18

  • lynchGOP

    Originally posted by xSModder: lol whatever, I don't believe any of that and don't really like anyone that does, because it's nonsense

    nobody just goes and makes a filewrapper that converts to wma and makes the file doomed to repeat the process. maybe saying M$ was too small, does saying RIAA get you more hot?

    It's certainly more plausible...................

    ............BUT I believe that the majority of the viruses written are by hackers doing so "just because".

    21.7.2008 17:37 #19

  • varnull

    Dammit.. rumbled again.. My plans to rule the world will have to take another path.. Did you like the kylie? I enjoyed all your paypal and ebay passwords.

    21.7.2008 17:39 #20

  • scorpNZ

    LMAO..Yep i know about that codec,since i have backup images of my hdd i figured stuff it install codec & see what happens,sure enough the security ware started kicking up warnings of infection..lol..30 mins later after a re-image everything was back to normal pheeeew

    21.7.2008 20:15 #21

  • varnull

    i don't think the mpaa/riaa or the cartel would use malware insertion. It leaves them open to legal action if they get caught. They would be more likely to put entrapment content on.. false bitrate versions of the content containing a "you have been caught, your ip has been logged, you will now receive a letter concerning illegal use of the internet and filesharing programs for means of copyright infringing behaviour. We reserve the right to impose penalties to the full extent allowed by applicable laws"

    Far more their style.

    Seriously.. who uses these obsolete risky p2p apps these days?

    30.7.2008 20:53 #22
