Meet P2P worm Trojan.ASF.Hijacker.gen
p2pnet news view P2P | Security:- A new online worm could eat its way into the computers of Windows users who download from P2P networks, says Computerworld Norway, quoting Kaspersky Lab tech consultant David Emm.
It inserts links to dangerous Web pages within ASF (Advanced Systems Format), a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources, says the story.
“The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC,” Emm says.
“The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity.”
MP3 extensions aren’t modified, however, meaning victims might not immediately notice the change, says Kaspersky Lab, according to the post.
“As soon as the multimedia file is played back and the advertised fake codec is being run by a tricked user, pop-ups from Windows Media Player, asking for a codec to install, do not appear anymore - creating the false impression that a codec has been successfully installed,” says Trusted Source, adding:
“Of course, this is just the consequence of the malware simply changing the compromised system’s behavior. By infecting the multimedia files, the attackers promote the spreading of their miscreant through (peer-to-peer) file sharing networks. Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream.”
Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it “Trojan.ASF.Hijacker.gen” and Kaspersky calls it “Worm.Win32.GetCodec.a,” says Computerworld.
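A defender's check for the trick described above, as an added example that is not from the article or any of the vendors quoted: it tests whether a file named .mp3 is really an ASF container and lists the URL-type script commands in its header. The GUIDs and field layout follow the ASF specification's Script Command Object; the function names, and treating every command type that begins with "URL" as a link, are assumptions of this example.

```python
import struct
import uuid

# Object GUIDs from the ASF specification, in their on-disk (bytes_le) layout.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le

def parse_commands(body):
    """Decode a Script Command Object body into (type, command) pairs."""
    n_cmds, n_types = struct.unpack_from("<HH", body, 16)  # skip 16-byte reserved GUID
    pos, types, out = 20, [], []
    for _ in range(n_types):
        (chars,) = struct.unpack_from("<H", body, pos)  # length in UTF-16 code units
        types.append(body[pos + 2:pos + 2 + 2 * chars].decode("utf-16-le", "replace"))
        pos += 2 + 2 * chars
    for _ in range(n_cmds):
        _time_ms, idx, chars = struct.unpack_from("<IHH", body, pos)
        text = body[pos + 8:pos + 8 + 2 * chars].decode("utf-16-le", "replace")
        out.append((types[idx] if idx < len(types) else "?", text))
        pos += 8 + 2 * chars
    return out

def script_commands(data):
    """Return script commands found in an ASF header, or None if data is not ASF."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return None
    end = min(struct.unpack_from("<Q", data, 16)[0], len(data))
    pos, found = 30, []  # header object: GUID, size, object count, 2 reserved bytes
    while pos + 24 <= end:
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if size < 24 or pos + size > end:
            break  # malformed object size: stop rather than loop or read past the header
        if data[pos:pos + 16] == SCRIPT_COMMAND:
            try:
                found += parse_commands(data[pos + 24:pos + size])
            except struct.error:
                found.append(("?", "<truncated script command object>"))
        pos += size
    return found

def triage(filename, data):
    """Flag ASF content behind an .mp3 name and list URL-type script commands."""
    cmds = script_commands(data)
    if cmds is None:
        return {"asf": False, "disguised": False, "urls": []}
    urls = [text for kind, text in cmds if kind.upper().startswith("URL")]
    return {"asf": True, "disguised": filename.lower().endswith(".mp3"), "urls": urls}
```

Pass `triage` the file name and the first part of the file's bytes; a result with `disguised` set and a non-empty `urls` list matches the behaviour the article describes.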
Computerworld Norway - Opera Mobile 9.5 beta released, July 18, 2008
Trusted Source - Trojan infecting multimedia files, July 9, 2008





July 18th, 2008 at 11:19 am
Who’s stupid enough to just download a codec like that?
July 18th, 2008 at 2:00 pm
This article illustrates everything that’s wrong with Microsoft. Who in their right mind would create a video format that could contain browser triggers? What the hell were they smoking when they designed that “feature”? MS puts in all these “features”, like the preview pane in Outlook Express, auto-running software on CD/DVD, etc. which users have to turn off because they’re huge security risks. The preview pane can run viruses, auto-run is how Sony got their rootkit onto people’s systems. Why do they keep putting in crap like this when nobody with half a brain will ever use it?
This also shows why it’s a good idea to dump the bloated Windows Media Player and install a better, third party player. As far as I know, WMP is the only one that acts on the browser triggers in ASF files.
July 18th, 2008 at 6:29 pm
Microsoft have effectively created every virus except the original “Morris” worm. They have done it by repeatedly failing to recognise the danger in executing data.
They made PCs execute code on the boot sector of floppy disks, even if they contained only data, thereby inventing the “boot sector virus”.
They made PCs execute “word” macros in emails, which should be only data, thereby inventing the email virus.
They made Internet Explorer run ActiveX controls on web pages, thereby inventing the web-hosted virus.
The world would be a different place without Microsoft.
July 19th, 2008 at 1:51 pm
When disk drive icons are now folders,
that is the time to check for hidden autorun files on the drives that are folders
July 22nd, 2008 at 6:28 pm
Just more malware that relies on the “trojan horse
as video codec” in order to infect peoples’ systems.
Although this one doesn’t seem all that rampant yet,
the one that originally used this trick, Zlob, is perhaps
the most commonly reported trojan infection.
Pretty sneaky tactic, though, wrapping a malicious
download link inside an ASF and then making it appear
as though it were an MP3. Though I doubt it would work
if it were opened in a player other than Windows Media Player.