Security Media Music

Worm Transcodes MP3s To Infect PCs

snydeq writes "Kaspersky Labs has discovered malware that inserts links to malicious Web pages within ASF media files, posing a danger to Windows users who download music files from P2P networks. Infected files launch IE and load a page that asks the user to download a codec. The download, a Trojan horse, installs a proxy program to route other traffic through the PC. The malware also has worm-like qualities, according to Secure Computing. It searches for MP3s, transcodes them to WMA format, wraps them in an ASF container, and adds links to further copies of the malware, all without modifying the .MP3 extension."
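A defender-side check for the mismatch the summary describes, files that keep the .MP3 extension but are really ASF containers. This is an added example, not part of the submission or of any vendor's tooling. The two GUIDs come from the ASF specification; treating the Script Command Object as the place where links sit is an assumption, since the summary does not say which ASF object the malware uses, and `classify` and `build_asf` are hypothetical names.

```python
import struct
import uuid

# Object GUIDs from the ASF specification; stored on disk in mixed-endian (bytes_le) form.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le

def looks_like_mp3(data):
    """True if data starts with an ID3v2 tag or an MPEG audio frame sync (11 set bits)."""
    if data[:3] == b"ID3":
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0

def asf_header_objects(data):
    """Return the GUIDs of objects inside the ASF Header Object, or None if data is not ASF."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return None
    header_size, count = struct.unpack_from("<QI", data, 16)
    end, pos, guids = min(header_size, len(data)), 30, []
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated or malformed header: stop rather than read past it
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24:
            break  # an object can never be smaller than its own GUID + size fields
        guids.append(data[pos:pos + 16])
        pos += size
    return guids

def classify(name, data):
    """Compare a file's claimed .mp3 extension with what its leading bytes actually are."""
    if not name.lower().endswith(".mp3"):
        return "not-checked"
    objects = asf_header_objects(data)
    if objects is None:
        return "ok" if looks_like_mp3(data) else "unknown-content"
    if ASF_SCRIPT_COMMAND in objects:
        return "asf-with-script-commands"
    return "asf-disguised-as-mp3"

def build_asf(child_guids):
    """Constructed sample: a minimal ASF header holding empty child objects (not playable)."""
    body = b"".join(g + struct.pack("<Q", 24) for g in child_guids)
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(body), len(child_guids), 1, 2) + body

if __name__ == "__main__":
    placeholder = uuid.UUID(int=1).bytes_le  # constructed GUID standing in for any other object
    print(classify("track.mp3", b"ID3\x03\x00" + bytes(16)))
    print(classify("track.mp3", build_asf([placeholder])))
    print(classify("track.mp3", build_asf([placeholder, ASF_SCRIPT_COMMAND])))
```

Reading the first few kilobytes of each file is enough, because the ASF Header Object sits at the start of the container.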
  • Nice (Score:5, Insightful)

    by Anonymous Coward on Friday July 18, 2008 @10:38AM (#24242177)

    Way to go Microsoft!

    Is there anything these morons can't fuck up?

  • by Z00L00K ( 682162 ) on Friday July 18, 2008 @10:40AM (#24242217) Homepage Journal
    Maybe it's the RIAA that wants us to get rid of all our MP3:s downloaded from various sources?
  • Data vs Program (Score:5, Insightful)

    by mlwmohawk ( 801821 ) on Friday July 18, 2008 @10:46AM (#24242311)

    Microsoft has a SERIOUS design pathology. They too often confused "data" with "program." Every G.D. thing in Windows can, in some way, initiate an action. This is a problem.

    A "music" file should be data. E-mail should be DATA! This is absolutely crazy. Making everything capable of being interpreted as programmatic content is at best a security flaw.

  • by carp3_noct3m ( 1185697 ) <<ten.edahs-sroirraw> <ta> <todhsals>> on Friday July 18, 2008 @10:48AM (#24242341)
    Don't enable any audio program you use to automatically download codecs. Use third-party trusted codec packs, or better yet, use VLC! As for Joe Schmo internet user, he is just fsked anyway, and probably already has more trojans on his PC than I've ever had on my... um.... usb dongle?
  • Re:Nothing New... (Score:5, Insightful)

    by dreamchaser ( 49529 ) on Friday July 18, 2008 @10:48AM (#24242345) Homepage Journal

    You should turn in your geek card for falling for that one! Any site you don't 100% trust that asks you to install a codec for a file format you can play already screams 'malware' in a loud shrill voice.

  • by Gothmolly ( 148874 ) on Friday July 18, 2008 @10:54AM (#24242433)

    This is why you separate the executable code from the data.

  • Re:Nice (Score:2, Insightful)

    by Trigun ( 685027 ) <evil@evil e m p i r e . a t h .cx> on Friday July 18, 2008 @10:56AM (#24242477)

    If there is one thing that is guaranteed in life, it is stupidity. Count on that, and remove the other vectors.
     

  • Re:What player? (Score:3, Insightful)

    by X0563511 ( 793323 ) on Friday July 18, 2008 @11:05AM (#24242621) Homepage Journal

    My question is how the hell that works? Why is it even possible to do that!?

    Data comes in, gets split into an audio stream and a video stream. You look at the magical tags and figure out which decoder to fire up. Feed compressed data into the decoder, get decompressed data out. Pass the video data to the display pipeline, and the audio data to the audio pipeline.

    There should be no way to execute anything from those pipelines.

  • Re:Gentlemen, (Score:5, Insightful)

    by thrillseeker ( 518224 ) on Friday July 18, 2008 @11:06AM (#24242645)
    Next up ... how DRM protects you from virus laden mp3s
  • by Joce640k ( 829181 ) on Friday July 18, 2008 @11:11AM (#24242753) Homepage

    ...apart from the ActiveX and the email program which auto-runs attachments and the music files which can launch the browser and the RPC daemon which can't be firewalled and the universal plug and play daemon which allows "drivers" to travel around networks and....

    Defective by design.

  • Re:Nice (Score:2, Insightful)

    by geogob ( 569250 ) on Friday July 18, 2008 @11:15AM (#24242817)
    This is really clever. That way of using the file container to get the user to download false codecs.

    I wonder if it could work with other wrappers, like AVI, Quicktime, etc. Maybe not in their original state, but with slight modifications that could fool the player.

    I wasn't aware of all the capabilities of the ASF wrapper, but that sure was a ticking time bomb.
  • by paradxum ( 67051 ) on Friday July 18, 2008 @11:15AM (#24242821)

    Yes, I too remember the days when there was little if any monetary gain to be had from writing a virus or hacking in general.

    But those days are gone, there is money to be made... now that it pays to hack, the onslaught will only get worse.

  • hidden extensions (Score:5, Insightful)

    by Kenshin ( 43036 ) <kenshin@lunarOPENBSDworks.ca minus bsd> on Friday July 18, 2008 @11:16AM (#24242843) Homepage

    I hate how Windows has hidden file extensions in every version since XP. It's supposed to make the machine more Mac-like and friendlier, but it is a serious security concern.

    I try to turn it off on every machine that I'm asked to set up or fix, but occasionally I get someone who deletes the "unfamiliar" file extensions from their files and ends up not being able to open them.

  • by DickBreath ( 207180 ) on Friday July 18, 2008 @11:24AM (#24242983) Homepage
    >Just run your antivirus over your downloads before playing.

    Do you really believe this would be effective?

    Wouldn't it be more important to run your antivirus on your codecs before installing?
  • Re:Data vs Program (Score:3, Insightful)

    by mlwmohawk ( 801821 ) on Friday July 18, 2008 @11:27AM (#24243027)

    >Computer users (yourself included, me too!) have demanded more automation,

    Speak for yourself. I don't want "automation" and most of my family and friends get confused by it, "Hey, why is it doing that?" is the typical response.

    >they want less user interaction, thus MS and everybody else will develop for these wants.

    You are confusing "wanting it to work" and "automation." Clicking, or double clicking, on an icon in a window and having the correct player pop up and play the file correctly is what people want. That is, in fact, *all* they want. No one asked for media files that would "automate" anything.

    Users don't even understand computers at the level where they could ask for such a thing. If they did, they wouldn't even ask. I submit that much of the push for programmatic content within media is from the *IAA types looking to extend control.

    >I remember when email was just that data!, had to uuencode/uudecode anything binary

    There is no reason why an email message has to contain programmatic content for an email program to be able to properly decode an attachment. That's what MIME types are all about.

  • by razorh ( 853659 ) on Friday July 18, 2008 @11:34AM (#24243137)
    >Or you could, y'know, stop being a thieving scumbag and support music by buying from the artists.

    How do you buy music from artists that are represented by the RIAA? Seems to me that most of the money you spend when buying most of the music the RIAA cares about isn't going to the artist in the first place.
  • by Anonymous Coward on Friday July 18, 2008 @11:43AM (#24243303)

    ChuckSchwab here. Okay, good questions, and I've got some good answers. I have to post anon, and won't be able to respond much beyond this post (because some jerks set me to Terrible karma) so I'll try to give the most complete answer I can. Here goes:

    You're equating "marketing" with "all the negative connotations I associate with the term 'marketing'". By "marketing" I simply mean being able to present a case to the average person -- THAT HE SEES -- why he should switch, and how he should do it.

    Here, corporate financial interest is an issue. It's like this:

    Reaching the layman takes MONEY. But if you spend that money and create a complete, self-contained, easy-as-pie package ... so can someone else. They will COPY. They will take your work and undercut you. In the store, they will see "Hey ultra-cool linux conversion kit, which you have been persuaded of the merit of, only $49.99" (actually, $50 because they're ethical). And also, "Hey, exact same thing, that you were convinced of, only $9.99 because we copied those other guys."

    And so we see, copyright is critical to generating the funds necessary to get folks to come over. And those very folks are valuable TO YOU. More Linux folks = more justification to write software for Linux.

    This is where I dispute your claim that Linux is useful TO YOU. Where is your Linux photoshop equivalent? Your games?

    Yeah, you got the programs that someone got around to. But for other stuff, the newest stuff, the folks with the CASH to hire people WITH A GODDAMN CLUE about interface design, ain't gonna write for Linux -- no people there.

    Now, maybe I'm wrong. Maybe every conceivable thing you will ever want to do, you can do right now (or at least have the software to on Linux). But then look at the broader perspective: what about average people, who can't do the stuff, the hacks, the kludges, the troubleshooting, that you find so easy? That you don't even *notice* as being hard to others? Why would *they* switch?

    I tried to switch to Linux myself. I'm pretty technically inclined (ignore my troll posts). I ran into inexcusable problems. Not just any problems -- problems that could have been avoided early on with a teensy pinch of care to making it accessible for the masses.

    Marketing, in other words.

    The Linux community *could* take over the home desktop market. But they refuse. They refuse to recognize the value of each additional person, and get on their knees for anyone who wants to join on. They refuse to write idiot-proof conversion packages and pay to get the knowledge of their existence into people's minds. Because, fundamentally, they don't *want* people to join. It's *their* system. (I can even see in your tone how you'd hate for myspace kiddies to be using Linux, even if it didn't involve that evil corporate marketing.)

    All I ask is that you stop being schizophrenic. Either:

    -Accept that Linux is 1337, and accept the low marketshare and developer interest.
    -TRY to get people to join, and ponder why no one does.

    Don't do these half-assed efforts while confounded as to why people aren't joining.

    Hope that answers your question. :-)

  • by Anonymous Coward on Friday July 18, 2008 @12:08PM (#24243693)

    Not to mention that it was Microsoft's brilliant idea to embed non-audio functionality into an audio file format to begin with. "Hey, let's make it so this audio file can automatically initiate a connection to the Internet! Yeah! That'll be cool!"

    That's probably even dumber than putting VBscript in Word documents or Javascript in PDFs.

    You would rarely find this kind of stupidity in the open source world because most open source software is driven by sensible engineering and functionality considerations, not by a marketing mentality of adding ever more flashy "features" (i.e. bloated anti-features).

    Dear Microsoft (and Adobe): Integration of extraneous functionality is at the root of a lot of your complexity and security problems. Keep separate things separate. Keep it simple.

  • by ConceptJunkie ( 24823 ) on Friday July 18, 2008 @12:24PM (#24243931) Homepage Journal

    The irony is that in all these years, I don't think I've ever seen WMP successfully find and install a codec it was missing. I just end up with a message saying it couldn't find the codec that doesn't even tell me which codec it was looking for. Then it turns out this all just another malware attack vector.

    In 2000, this problem would have been "more of the same" but the fact that this still exists in 2008 is insane. I mean Microsoft publicly admitted their security is awful in 2000, took four years to make a decent attempt to correct things, and yet here we are four years after that...

    Thanks, Microsoft. Thanks a lot. You give new meaning to the word FAIL on a daily basis.

  • by MadnessASAP ( 1052274 ) <madnessasap@gmail.com> on Friday July 18, 2008 @01:12PM (#24244625)

    >Wouldn't it be more important to run your antivirus on your codecs before installing?

    Even better idea, install VLC and CCCP and if it won't play with either of those then you probably don't want to watch it anyways.

  • by Kiaser Zohsay ( 20134 ) on Friday July 18, 2008 @01:30PM (#24244879)

    >Where did concerts come into this?

    GGGP wrote "support music by buying from the artists" which then led to a comparison of alternate methods of supporting the artists, ergo concerts. A legitimate (OT) point, and not a straw man. However, between the venues, concert promoters and TicketBastard, the concert business is ripping off artists almost as badly as the recording labels.

    When voting with your dollars, deciding where *not* to spend is every bit as important as where to spend. There is no substitute for doing your homework.

  • by Snaller ( 147050 ) on Friday July 18, 2008 @03:50PM (#24246727) Journal

    To use mplayer to play your files.

  • by PPH ( 736903 ) on Friday July 18, 2008 @03:51PM (#24246751)
    ... this goes like:

    (Blah, blah blah blah, blah) codec (blah blah, blah. Blah.)

    [Allow] or [Cancel]
