Smokey's Security Weblog

veritas odium parit

New kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks

A new kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks.

The new malware inserts links to dangerous Web pages within ASF (Advanced Systems Format) media files.

“The possibility of this has been known for a little while but this is the first time we’ve seen it done,” said David Emm, senior technology consultant for security vendor Kaspersky Lab.

If a user plays an infected music file, it will launch Internet Explorer and load a malicious Web page which asks the user to download a codec, a well-known trick to get someone to download malware.

The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, Emm said. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.

The malware has worm-like qualities. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft’s Windows Media Audio format, wraps them in an ASF container and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing.

The “.mp3” extension of the files is not modified, however, so victims may not immediately notice the change, according to Kaspersky Lab.
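The mechanism described above (an ASF container that keeps its original “.mp3” name and carries a link to a web page) leaves a simple, checkable symptom on disk: the file extension says MPEG audio, but the leading bytes are the ASF header object. The following Python check is an added example, not code from the PCWorld article or any of the vendors quoted. It assumes the published ASF header GUID (75B22630-668E-11CF-A6D9-00AA0062CE6C, stored little-endian on disk), it does not parse the ASF script-command object but simply looks for UTF-16LE “http” strings, which is how ASF stores text, and the three sample files are constructed inline rather than taken from a real infection.

```python
from __future__ import annotations

from pathlib import Path

# ASF_Header_Object GUID as it appears on disk (little-endian fields).
ASF_HEADER_GUID = bytes.fromhex("3026B2758E66CF11A6D900AA0062CE6C")


def sniff_container(data: bytes) -> str:
    """Classify a file by its leading bytes rather than by its extension."""
    if data[:16] == ASF_HEADER_GUID:
        return "asf"
    if data[:3] == b"ID3":
        return "mp3"  # ID3v2-tagged MPEG audio
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"  # raw MPEG audio frame sync, no tag
    return "unknown"


def extract_utf16_urls(data: bytes) -> list[str]:
    """Pull out http(s) URLs stored as UTF-16LE strings (ASF's text encoding)."""
    urls: list[str] = []
    for scheme in ("http://", "https://"):
        needle = scheme.encode("utf-16-le")
        start = 0
        while True:
            idx = data.find(needle, start)
            if idx < 0:
                break
            end = idx
            # Walk UTF-16LE code units until a NUL terminator or whitespace.
            while end + 1 < len(data):
                unit = data[end:end + 2]
                if unit in (b"\x00\x00", b" \x00", b"\r\x00", b"\n\x00"):
                    break
                end += 2
            urls.append(data[idx:end].decode("utf-16-le", errors="replace"))
            start = end
    return urls


def assess(filename: str, data: bytes) -> dict:
    """Flag audio files whose container does not match their extension."""
    ext = Path(filename).suffix.lower()
    container = sniff_container(data)
    mismatch = ext in (".mp3", ".mp2") and container == "asf"
    urls = extract_utf16_urls(data) if container == "asf" else []
    return {
        "file": filename,
        "container": container,
        "extension_mismatch": mismatch,
        "embedded_urls": urls,
        "suspicious": mismatch or bool(urls),
    }


# Constructed sample files (not real samples): a genuine MP3, an ASF file
# renamed to .mp3 that carries a URL, and an honestly named WMA/ASF file.
CONSTRUCTED_SAMPLES = {
    "track01.mp3": b"ID3\x03\x00" + b"\x00" * 27,
    "track02.mp3": (
        ASF_HEADER_GUID
        + b"\x00" * 8
        + "http://example.invalid/codec".encode("utf-16-le")
        + b"\x00\x00"
    ),
    "clip.wma": ASF_HEADER_GUID + b"\x00" * 16,
}


def scan_samples() -> list[dict]:
    return [assess(name, data) for name, data in CONSTRUCTED_SAMPLES.items()]


def scan_directory(root: str) -> list[dict]:
    """Scan the first 64 KiB of every .mp3/.mp2 file under root."""
    results = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in (".mp3", ".mp2") and path.is_file():
            with path.open("rb") as fh:
                results.append(assess(path.name, fh.read(65536)))
    return results


if __name__ == "__main__":
    for result in scan_samples():
        print(result)
```

An extension mismatch on its own is not proof of infection (misnamed WMA files do exist), which is why the result records the container type and any embedded URLs separately so an analyst can decide; `scan_directory` applies the same check to a real download folder, reading only the head of each file.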

“Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream,” Secure Computing said.

Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it “Trojan.ASF.Hijacker.gen” and Kaspersky calls it “Worm.Win32.GetCodec.a.”

Source / full article: PCWorld Business Center

July 18, 2008 Posted by Smokey | Advisories, Alerts, Downloads, Malware, News, Security

Microsoft Security Bulletin MS08-033 (Critical): Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Published: June 10, 2008 | Updated: July 16, 2008

This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

The security update addresses the vulnerability by modifying the way that DirectX handles MJPEG and SAMI format files.

Microsoft recommends that customers apply the update immediately.

Source / full article / download: Microsoft TechNet

July 18, 2008 Posted by Smokey | Advisories, Alerts, Downloads, Malware, Security, Vulnerabilities