AfterDawn: Tech news

New malware aims at music from P2P networks

Written by Andre Yoskowitz @ 20 Jul 2008 17:42

Security vendor Kaspersky Lab has noted a new type of trojan aimed at Windows users who download music through popular P2P networks such as LimeWire.
The malware inserts malicious links into ASF files, a container format that is usually used for audio and video streams but can also hold images or links to websites.

"The possibility of this has been known for a little while but this is the first time we've seen it done," said David Emm, senior technology consultant for security vendor Kaspersky Lab.

When a user plays an infected file, Internet Explorer is launched and loads a site telling the user that a codec must be downloaded to play the file. The "codec," of course, is a trojan that then installs a proxy program on your PC. As with other proxy programs, hackers can then route traffic through the infected computer, creating a shield to cover their tracks.

What makes the malware even more vicious is that once your computer is infected, it looks for any MP3 file it can find, transcodes it to WMA and wraps it in an ASF container with the malicious links added, starting the cycle again.

"Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream," said Secure Computing, another firm.

The trojan goes by different names, such as "Troj_Medpinch.a," "Trojan.ASF.Hijacker.gen" or "Worm.Win32.GetCodec.a," depending on your Internet security package.


22 user comments

1 20.7.2008 17:51

this is why i tell no one to use limewire. it's a virus factor just like when Kazaa got popular.

removing that kind of spyware usually damages the registry so bad u have to reformat the computer almost every time.

2 20.7.2008 17:51

I would also like to apologize for the strange formatting of the article that some users may experience. It will be fixed soon.

3 20.7.2008 18:03

Sadly, many newcomers will probably get suckered into this. I doubt experienced users would download an ASF file anyway.

4 20.7.2008 18:18

<DELETED>

This message has been edited since its posting. Latest edit was made on 20 Jul 2008 @ 23:09

5 20.7.2008 21:40

Why would anyone use Limewire anyway? The place is crawling with Feds anyway, thanks to all of the cp traders.

Usenet is where the best stuff is at.

6 21.7.2008 0:56

This isn't new... This type of virus has been going on for ages... people deserve this and more though if they want to download child porn. The rest of the people who are downloading regular porn, movies, music videos just need to be safe i'd say and use torrents.

7 21.7.2008 2:12

Limewire isn't that great, especially for music. Torrents mean higher-quality and almost zero viruses.

However, I wonder why it transcodes the files to WMA and re-wraps it in an ASF container. It's probably because Windows Media Player can read ASF files, which makes the infection more likely to happen, however that is just an educated guess.

Peace

8 21.7.2008 2:50

can anyone say M$?
conspiracy starts here

9 21.7.2008 8:19

yup, i use limewire, for like a song or 2, nothing major...got all 3 of the trojans...but damn it if my av didn't catch them asap...lol...love mcafee, not only did it catch it before it was completed, it automatically deleted it as well.

gotta love it.

This message has been edited since its posting. Latest edit was made on 21 Jul 2008 @ 8:26

10 21.7.2008 8:40

I've never been real fond of Limewire anyway; there are better places for good quality music without hoping your antivirus program catches the nasties before your pc gets 'em.

This is one more reason to avoid Limewire.

11 21.7.2008 9:24

Originally posted by xSModder:
can anyone say M$?
conspiracy starts here

I was thinking Music/Movie industry myself.

12 21.7.2008 9:39

I hope I'm safe... I'm still using Compuserve to get on Napster

This message has been edited since its posting. Latest edit was made on 21 Jul 2008 @ 9:40

13 21.7.2008 10:44

Yeah. I've told everyone I know to stay away from limewire. But do any of them listen? Nope. 'Tis why I don't fix their computers for them. Ever since I signed for this site I started becoming aware of these things. Granted that was a long time ago, but it still helped.

14 21.7.2008 12:11

I loved Limewire.....3 years ago.

15 21.7.2008 14:25
blueroad
Inactive

cough ** get bittorrent idiot! ** cough

16 21.7.2008 15:03
lynchGOP
Inactive

I use Bearshare Pro (Jacked of course) for over 6 years now and I have NEVER received a virus for the individual songs I download. In addition, I use bittorrent for whole albums but again................I have NEVER received a virus via Bearshare. Same 'network' (gnutella) as Limewire too.

And I'm going on the record by saying----If you or anyone consciously plays a "song", whatever the format, and then KNOWINGLY DOWNLOADS A CODEC BY BEING REDIRECTED then you're a f'ing idiot and the punishment should be much more severe than that. There is no excuse or justifiable reason for STUPIDITY. Pull your head outta your ass and START USING IT BY 'THINKING'.

No remorse, no regrets no 'feeling bad'

This message has been edited since its posting. Latest edit was made on 21 Jul 2008 @ 15:08

17 21.7.2008 15:11
lynchGOP
Inactive

Originally posted by xSModder:
can anyone say M$?
conspiracy starts here

Whatever!! Keep your dumbass thoughts to yourself!!! Yeah...........and the 'government' knowingly hired Al Qaeda to blow up the WTC and no plane crashed into the Pentagon and "buildings don't collapse from heat and fire" like the WTCs did.

Get a job........
Get a clue........
GET AN EDUCATION!!!!

18 21.7.2008 16:06

lol whatever, I don't believe any of that and don't really like anyone that does, because it's nonsense

nobody just goes and makes a filewrapper that converts to wma and makes the file doomed to repeat the process. maybe saying M$ was too small, does saying RIAA get you more hot?

19 21.7.2008 17:37
lynchGOP
Inactive

Originally posted by xSModder:
lol whatever, I don't believe any of that and don't really like anyone that does, because it's nonsense

nobody just goes and makes a filewrapper that converts to wma and makes the file doomed to repeat the process. maybe saying M$ was too small, does saying RIAA get you more hot?

It's certainly more plausible...................

............BUT I believe that the majority of the viruses written are by hackers doing so "just because".

20 21.7.2008 17:39
varnull
Inactive

Dammit.. rumbled again.. My plans to rule the world will have to take another path.. Did you like the kylie? I enjoyed all your paypal and ebay passwords.

This message has been edited since its posting. Latest edit was made on 21 Jul 2008 @ 17:41

21 21.7.2008 20:15

LMAO..Yep i know about that codec,since i have backup images of my hdd i figured stuff it install codec & see what happens,sure enough the security ware started kicking up warnings of infection..lol..30 mins later after a re-image everything was back to normal pheeeew

22 30.7.2008 20:53
varnull
Inactive

i don't think the mpaa/riaa or the cartel would use malware insertion. It leaves them open to legal action if they get caught. They would be more likely to put entrapment content on.. false bitrate versions of the content containing a "you have been caught, your ip has been logged, you will now receive a letter concerning illegal use of the internet and filesharing programs for means of copyright infringing behaviour. We reserve the right to impose penalties to the full extent allowed by applicable laws"

Far more their style.

Seriously.. who uses these obsolete risky p2p apps these days?

Comments have been disabled for this article.
