Full Disclosure mailing list archives

Social Eng. with Windows Media Player and Codec Download


From: "Elia Florio" <eflorio () edmaster it>
Date: Wed, 28 Dec 2005 20:00:39 +0100

Here:
hXXp://www.goodmovielaugh.com/video5.html
hXXp://www.good-movie-jokes.com/video5.html

there's some malware/adware that tries to use .ASX files as a vector to infect Windows machines by forcing users to download and install executables. The trick (not an exploit!!!!) is to convince people that Windows Media Player needs an additional codec... so that users confirm the download of an EXE file.

In the page there's a reference to an .ASX file:

<ASX version="3.0">
<ENTRY>
 <TITLE>Impossibile Trovare il Codec</TITLE>
 <REF HREF="video.avi"/>
 <DURATION VALUE="60:00"/>
 <BANNER HREF="codec-alert.gif">
  <ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
  <MOREINFO HREF="http://www.vcodecreceive.com/download/VideoCodec3_05b_5.exe" />
 </BANNER>
</ENTRY>
</ASX>

The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker packed with Nullsoft NSIS.

EF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
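
A defender-side check for the playlist pattern described in the message above, as an added example that is not part of the original post: it reads an ASX file tolerantly (tag and attribute case is ignored) and reports every HREF whose URL path ends in an executable extension. The extension list, the function and class names, and the sample host are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urlsplit

# Extensions treated as executable on Windows (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".hta"}
# MOREINFO HREF is a link the player opens on a user click, not media it plays.
CLICK_THROUGH = {"moreinfo"}


class AsxHrefCollector(HTMLParser):
    """Tolerant ASX reader; HTMLParser lowercases tag and attribute names."""
    def __init__(self):
        super().__init__()
        self.hrefs = []  # (element name, href value) in document order

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.hrefs.append((tag, value.strip()))


def audit_asx(text):
    """Return one finding per HREF whose URL path ends in an executable extension."""
    parser = AsxHrefCollector()
    parser.feed(text)
    parser.close()
    findings = []
    for element, href in parser.hrefs:
        ext = splitext(urlsplit(href).path)[1].lower()  # query string is ignored
        if ext in EXECUTABLE_EXTS:
            findings.append({"element": element, "href": href, "ext": ext,
                             "click_through": element in CLICK_THROUGH})
    return findings


# Constructed sample with the same structure as the playlist above; placeholder host.
SAMPLE_ASX = """<ASX version="3.0">
<ENTRY>
 <TITLE>Codec not found</TITLE>
 <REF HREF="video.avi"/>
 <BANNER HREF="codec-alert.gif">
  <ABSTRACT>Click here to download updated codecs</ABSTRACT>
  <MOREINFO HREF="http://downloads.example.invalid/VideoCodec.exe" />
 </BANNER>
</ENTRY>
</ASX>"""

if __name__ == "__main__":
    print(audit_asx(SAMPLE_ASX))
```
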

