New Trojan in the wild targeting multimedia files

Secure Computing is warning of a new Trojan in the wild that is infecting multimedia files on a victim’s hard disk.


The initial infection arrives from a pirate software warez site, where users go looking for illegal cracks or serial keys to run copy-protected software.

According to the vendor's security advisory, when the infected files are played back, the user is fooled into believing a codec is needed to play the content.

On downloading the advertised fake codec, the user instead installs the malware, which embeds malicious content into multimedia files such as MP3 and WMA music files, WMV video files and others.

Eric Krieger, country manager for ANZ at Secure Computing, told SC that one of the infected MP3 files includes music from 70's rock group Queen's Greatest Hits album.

“The bottom line is you shouldn’t be looking to download the codec, that’s the major thing, and once you have it installed it injects the command and causes the WMP to redirect,” said Krieger.

When the user plays any infected files, no sign of compromise will show up and they will never know they’ve been infected, warned Secure Computing.

When a user then shares a file via email or a P2P site, those infected multimedia files are then transferred to someone else.

“It’s not a Windows issue, it’s an MP3 issue and you need to update your anti-virus signature to stay protected. It’s just something that users have to be aware of,” said Krieger.