2008-07-21

(malware) why you should avoid Windows formats

There's a new virus out that "searches for MP3s, transcodes them to WMA format, wraps them in an ASF container, and adds links to further copies of the malware, all without modifying the .MP3 extension": http://it.slashdot.org/article.pl?sid=08/07/18/145223&from=rss

The real insight here is at http://it.slashdot.org/comments.pl?sid=618545&cid=24242285 , which explains why ASF is like the ActiveX of multimedia! It's a very short comment, so I'll take the liberty of reproducing it here:

For those of you who think this is just a troll, or are just unfamiliar with ASF:

Advanced Systems Format is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources.

If a user plays an infected music file, it will launch Internet Explorer and load a malicious Web page which asks the user to download a codec, a well-known trick to get someone to download malware.

It's like the ActiveX of multimedia wrapper files. A security nightmare? You bet. Does it still depend on user stupidity? Well, yes.


 

No comments: