[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security] [Full-disclosure] Social Eng. with Windows Media Player and Codec Download

To: Elia Florio <eflorio@xxxxxxxxxxx>
Subject: Re: [security] [Full-disclosure] Social Eng. with Windows Media Player and Codec Download
From: Marco Ermini <markoer@xxxxxxxxxxx>
Date: Tue, 3 Jan 2006 17:44:10 +0100

On 12/28/05, Elia Florio <eflorio@xxxxxxxxxxx> wrote:
> Here:
> hXXp://www.goodmovielaugh.com/video5.html
> hXXp://www.good-movie-jokes.com/video5.html
>
> there's some malware/adware that try to use .ASX files as vector
> to infect windows machines by forcing users to download and install
> executables.
> The trick (not an exploit!!!!) is to convince people that Windows Media
> Player
> needs an additional codec....so that users confirm the download of an EXE
> file.
[...]
> The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker
> packed with Nullsoft NSIS.
[...]

It was classified as "Trojan-Clicker.Win32.Bomka.a"


Cheers
--
Marco Ermini
Dubium sapientiae initium. (Descartes)
root@human # mount -t life -o ro /dev/dna /genetic/research
(This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it in
error, please notify the sender immediately and delete the original.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Antitoxin for "SQL Injection" (?)
Next by Date: RE: [Full-disclosure] WMF round-up, updates and de-mystification
Previous by thread: Re: Fwd: [Full-disclosure][WAY OFF TOPIC] complaints about the government spying!
Next by thread: [Full-disclosure] SCOSA-2006.1 OpenServer 5.0.6 OpenServer 5.0.7 OpenServer 6.0.0 : BIND Denial of Service Vulnerability
Index(es):
- Date
- Thread