Full Disclosure mailing list archives
Social Eng. with Windows Media Player and Codec Download
From: "Elia Florio" <eflorio () edmaster it>
Date: Wed, 28 Dec 2005 20:00:39 +0100
Here:
hXXp://www.goodmovielaugh.com/video5.html
hXXp://www.good-movie-jokes.com/video5.html
there's some malware/adware that tries to use .ASX files as a vector to infect Windows machines by forcing users to download and install executables. The trick (not an exploit!!!!) is to convince people that Windows Media Player needs an additional codec... so that users confirm the download of an EXE file.
In the page there's a reference for an .ASX file:

    <ASX version="3.0">
      <ENTRY>
        <TITLE>Impossibile Trovare il Codec</TITLE>
        <REF HREF="video.avi"/>
        <DURATION VALUE="60:00"/>
        <BANNER HREF="codec-alert.gif">
          <ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
          <MOREINFO HREF="http://www.vcodecreceive.com/download/VideoCodec3_05b_5.exe" />
        </BANNER>
      </ENTRY>
    </ASX>

The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker packed with Nullsoft NSIS.
EF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
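
A defender-side check for the pattern described in the post above, as an added example that is not part of the original message: it parses an ASX playlist and reports every HREF (the MOREINFO click-through in particular) that points to an executable. The extension list, the function names and both sample playlists, with their example.invalid hosts, are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as executable content (assumed list; extend for your environment).
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".pif", ".hta")

class AsxHrefCollector(HTMLParser):
    """Collect (tag, href) pairs. HTMLParser lowercases tag and attribute
    names, which suits ASX, whose element names are case-insensitive."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing elements such as <REF HREF="..."/>.
        href = dict(attrs).get("href")
        if href:
            self.links.append((tag, href.strip()))

def audit_asx(text):
    """Return every (tag, href) whose URL path ends in an executable extension."""
    collector = AsxHrefCollector()
    collector.feed(text)
    collector.close()
    return [(tag, href) for tag, href in collector.links
            if urlparse(href).path.lower().endswith(EXECUTABLE_EXTS)]

# Constructed sample modelled on the playlist in the post; the host is a placeholder.
SUSPICIOUS_ASX = """<ASX version="3.0"><ENTRY>
<TITLE>Codec not found</TITLE>
<REF HREF="video.avi"/>
<BANNER HREF="codec-alert.gif">
<ABSTRACT>Click here to download updated codecs</ABSTRACT>
<MOREINFO HREF="http://codec.example.invalid/download/VideoCodec.exe" />
</BANNER></ENTRY></ASX>"""

# Constructed benign playlist: MOREINFO points at a web page, not a binary.
BENIGN_ASX = """<asx version="3.0"><entry>
<ref href="http://media.example.invalid/clip.wmv"/>
<moreinfo href="http://media.example.invalid/about.html"/>
</entry></asx>"""

if __name__ == "__main__":
    for name, doc in (("suspicious", SUSPICIOUS_ASX), ("benign", BENIGN_ASX)):
        for tag, href in audit_asx(doc):
            print(f"{name}: <{tag}> links to executable: {href}")
```

The same check can run on a web proxy or mail gateway over any response served as an .asx playlist, before the file reaches the player.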