Jump to content
Posted 24 October 2010 - 08:03 PM
Posted 24 October 2010 - 08:57 PM
Posted 25 October 2010 - 08:26 AM
Edited by Didier Stevens, 25 October 2010 - 08:30 AM.
SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
Posted 25 October 2010 - 09:14 AM
Unfortunately, yes. Well, in a sense...Various forms of malware can be hidden in a supposed MP3 file, including worms, viruses, and trojan horses. The numerous person-to-person file sharers are breeding grounds for these undesirables so it's rather important to know and become familiar with the warning signs...
Music files can disguise hack attack
A bug in Microsoft’s flagship operating system software allows computer attackers to craft MP3 or WMA music files that give them control of listeners’ computers. Simply browsing to a Web page or folder where such an MP3 file is stored would be enough to invoke the malicious code, and allow an attacker to create, modify, or delete data on the victim’s computer...Victims need not be induced to play the infected music file to cause an attack. Because of the way Windows file Explorer reads the attribute information, simply hovering over an infected music file’s icon is enough to cause the buffer overrun. Accessing a folder where the file lives would also invoke the malicious program, as would visiting a Web site where the file is stored.
CERT Advisory CA-2002-37 Buffer Overflow in Microsoft Windows Shell
A buffer overflow vulnerability exists in the Microsoft Windows Shell. An attacker can exploit this vulnerability by enticing a victim to read a malicious email message, visit a malicious web page, or browse to a folder containing a malicious .MP3 or .WMA file. The attacker can then execute arbitrary code with the privileges of the victim.
users infected by fake Trojan MP3 files
McAfee reported that it's seen a huge spike in fake MP3 files spreading on peer-to-peer networks. Although the files have names that make them look like audio recordings, they're really Trojan horse programs that try to install a shoddy media player and adware on your computer...
New worm transcodes MP3s to try to infect PCs
Windows users who download music files on peer-to-peer networks are at risk from new malware that inserts links to dangerous Web pages within ASF media files...it looks for MP3 or MP2 audio files, transcodes them to Microsoft's Windows Media Audio format, wraps them in an ASF container, and adds links to further copies of the malware, in the guise of a codec...The ".mp3" extension of the files is not modified, however, so victims may not immediately notice the change, according to Kaspersky Lab.
Kaspersky Lab reports new worm that infects audio files
Kaspersky Lab...reports the detection of a malicious program that infects WMA audio files...The worm, which was named Worm.Win32.GetCodec.a, converts mp3 files to the Windows Media Audio (WMA) format (without changing the .mp3 extension) and adds a marker with a link to an infected web page to the converted files.
Edited by quietman7, 25 October 2010 - 09:22 AM.
Posted 25 October 2010 - 11:25 AM
Posted 25 October 2010 - 01:27 PM
Edited by quietman7, 25 October 2010 - 01:34 PM.
0 members, 0 guests, 0 anonymous users