The initial infection arrives from a pirate software warez site, where users go looking for illegal cracks or serial key to run copy-protected software.
According to the vendor's security advisory when playing back the infected files, the user is fooled into believing a codec is needed to play back the content.
When downloading the advertised fake codec, the user will install the malware instead which embeds malicious content into multimedia files such as MP3, WMA music files, WMV video files and others.
Eric Krieger, country manager for ANZ at Secure Computing told SC that one of the infected MP3 files includes music from 70's rock group Queen's Greatest Hits album.
“The bottom line is you shouldn’t be looking to download the codec, that’s the major thing, and once you have it installed it injects the command and causes the WMP to redirect,” said Krieger.
When the user plays any infected files, no sign of compromise will show up and they will never know they’ve been infected, warned Secure Computing.
When a user then shares a file via email or a P2P site, those infected multimedia files are then transferred to someone else.
“It’s not a Windows issue, it’s an MP3 issue and you need to update your anti-virus signature to stay protected. It’s just something that users have to be aware of,” said Krieger.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
