MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

Music Files - New Codec injection attacks add danger for Multi-media files

Sometimes one bad apple can spoil the entire bunch. A new injection-based codec attack has surfaced that can infect all multi-media files on the hard drive. For example, a malicious MP3 file can be downloaded, and if its special fake codec routine is accepted, it will inject malicious code into every multi-media file that is processed. Folks should continue to use only trusted sources for music or video.

Infectious Music, Malware-Style
http://www.trustedsource.org/blog/132/Trojan-infecting-multimedia-files
http://blog.trendmicro.com/infectious-music-malware-style/

QUOTE: A malware that infects multimedia files, modifying them to require the download of a fake codec when played, had recently been discovered. It infects widely used multimedia file formats such as MP3, WMA and WMV video files by injecting a malicious code. The said malware is also capable of converting files such as MP2 and MP3 into Windows Media Audio (WMA) format. When a user tries to play an infected file, a pop-up message is displayed, asking the user to download a certain codec in order to play the file. The downloaded codec is, of course, nothing else but malware.

But this malware takes it to a new, and more dangerous level; it manipulates a person’s multimedia files and uses it against them. People normally keep thousands of multimedia files on their systems, especially MP3s. If each file is infected by the malware then shared through a P2P network, then the user unknowingly turns into a malware host.

Jul 15 2008, 09:55 PM by harry

Comments

 

Alun Jones said:

Asking people to get their media files from trusted sources is one solution - another is to ask people to get their _codecs_ from trusted sources, too.

Obviously, it's a little difficult to say _what_ is a trusted source for either media or codec, but there are likely to be fewer codec sources to vet than there are media sources; you generally won't get into trouble for downloading a codec (unless it's proprietary).

Lesson: don't ever install a codec that came with the media, and where possible, disable any ability your player has to automatically fetch a codec from the media's declared source. Only fetch codecs from the media player's trusted source, or failing that, a trusted third party - but never from where the media tells you to go.

July 16, 2008 9:59 AM
