Andre Yoskowitz
20 Jul 2008 17:42
Security vendor Kapersky Labs has made note of a new type of trojan that is aimed at Windows users who download music through popular P2P networks such as LimeWire.
The malware inserts malicious links within ASF files, a container that is usually used for audio and video streams but can also hold images or links to websites.
"The possibility of this has been known for a little while but this is the first time we've seen it done," said David Emm, senior technology consultant for security vendor Kaspersky Lab.
When a user plays an infected file, Internet Explorer is launched and a site is loaded telling users they need to download a codec to play the file. The "codec" of course, is a trojan that then installs a proxy program on your PC. Just like with other proxy programs, hackers can then route traffic through the infected computer, creating a shield to cover their tracks.
Making the malware even more vicious is that once your computer is infected, it looks for any MP3 file it can find and will transcode it to WMA while wrapping it in an ASF container adding the malicious links and starting the cycle again.
"Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream," Secure Computing, another firm said.
The trojan goes by different names, such as "Troj_Medpinch.a," "Trojan.ASF.Hijacker.gen" or "Worm.Win32.GetCodec.a." depending on your Internet security package.