Consider the Source, Not Just the File Type
An uptick in malware that infects music files being traded on popular peer-to-peer (P2P) file-sharing networks should give Windows users pause about downloading songs from unknown sources.
Symantec is reporting a spike in the number of audio files infected with what it calls Trojan.Brisv.A (detected as Worm.Win32.GetCodec.a by other antivirus vendors). The malicious software resides in otherwise innocuous-looking Windows Media Audio (.wma) music files and, when one is opened, changes all .mp2 and .mp3 files on a host system to Windows Media Audio (.wma) format.
Audio files altered by the Trojan won't lose their .mp2 or .mp3 file extensions. Rather, the Trojan embeds in each converted media file a placeholder, so that when a victim tries to listen to it, the song is opened up in Windows Media Player. At that point, the victim is prompted to download an audio codec in order to continue playback. If the victim installs the codec, the Trojan installs a program that gives the authors control over the user's system.
Symantec said the fake codec installs software that prompts people to purchase rogue anti-virus software, also known as "scareware," which uses fake security alerts to frighten consumers into paying for bogus computer security programs.
While the Trojan was first spotted last summer, Symantec says it has seen a recent uptick in the number of detections of this malware. The company estimates that between 200,000 and 1.6 million people have downloaded audio files infected with the malware.
Kevin Haley, director of Symantec Security Response, said the Trojan appears to have been created with a so-called "binder," one of several hacker tools freely available that can bundle executable files in with more innocuous-seeming file types, such as text and image files.
"This is a good opportunity to remind users that it's not just .exes [executable files] that can be dangerous to download and run," Haley said.
If you were unfortunate enough to have wrecked your music collection after downloading an audio file infected with this Trojan, you can use Symantec's free fix-it tool, which should remove the Trojan from any affected files.
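A triage check for the conversion described above, added here as an example and not taken from Symantec or the original post: it walks a music folder and reports files named .mp2 or .mp3 whose first bytes are the ASF container header that Windows Media Audio files use. It assumes converted files begin with the standard ASF header GUID; the function names and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# ASF Header Object GUID: the first 16 bytes of an ASF container (.wma/.wmv/.asf).
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
MPEG_EXTENSIONS = {".mp2", ".mp3"}

def sniff_container(header: bytes) -> str:
    """Classify a file by its leading bytes rather than by its name."""
    if header.startswith(ASF_HEADER_GUID):
        return "asf"
    if header.startswith(b"ID3"):
        return "mpeg-audio"  # ID3v2 tag placed in front of MPEG audio frames
    # MPEG audio frame sync: 11 set bits (0xFF, then the top 3 bits of the next byte).
    if len(header) >= 2 and header[0] == 0xFF and (header[1] & 0xE0) == 0xE0:
        return "mpeg-audio"
    return "unknown"

def find_mismatched(root: str) -> list:
    """Return sorted paths named .mp2/.mp3 whose content is an ASF container."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in MPEG_EXTENSIONS:
            continue
        try:
            with path.open("rb") as fh:
                header = fh.read(16)
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        if sniff_container(header) == "asf":
            hits.append(str(path))
    return sorted(hits)

def build_sample_library(root: str) -> None:
    """Constructed sample data: tiny stand-in files, not real audio."""
    samples = {
        "clean_id3.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\x00" * 16,
        "clean_frames.mp2": b"\xff\xfd\x90\x00" + b"\x00" * 16,
        "converted.mp3": ASF_HEADER_GUID + b"\x00" * 16,   # name says MP3, bytes say ASF
        "honest.wma": ASF_HEADER_GUID + b"\x00" * 16,      # ASF under its own extension
    }
    for name, data in samples.items():
        (Path(root) / name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_library(tmp)
        for hit in find_mismatched(tmp):
            print("extension/content mismatch:", hit)
```

A hit means only that the file's name and container disagree; it marks the file for a scan with up-to-date antivirus software or the fix-it tool and is not proof of infection.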
February 6, 2009; 4:52 PM ET