New Worm Transcodes MP3s to Try to Infect PCs
July 18, 2008 – 6:09 AMA new kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks.
The new malware inserts links to dangerous Web pages within ASF (Advanced Systems Format) media files.
“The possibility of this has been known for a little while but this is the first time we’ve seen it done,” said David Emm, senior technology consultant for security vendor Kaspersky Lab.
Advanced Systems Format is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources.
If a user plays an infected music file, it will launch Internet Explorer and load a malicious Web page which asks the user to download a codec, a well-known trick to get someone to download malware.
The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, Emm said. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.