Earlier today a buddy of mine sent me the link the the Kaspersky website that reports a new worm that has been detected in .mp3 files. So….for all you .mp3 junkies out there, this just might be interesting to you. Here’s the scoop:
Kaspersky Lab, a leading developer of secure content management systems, reports the detection of a malicious program that infects WMA audio files. The objective of the infection is to install a Trojan that gives a cybercriminal control of the user’s computer.
The worm, which was named Worm.Win32.GetCodec.a, converts mp3 files to the Windows Media Audio (WMA) format (without changing the .mp3 extension) and adds a marker with a link to an infected web page to the converted files. The marker is activated automatically during file playback. It opens an infected page in Internet Explorer where the user is asked to download and install a file which, according to the website, is a codec. If the user agrees to install the file, a Trojan known as Trojan-Proxy.Win32.Agent.arp is downloaded to the computer, giving cybercriminals control of the victim PC.
Unlike earlier Trojans, which used the WMA format only to mask their presence on the system (i.e., the infected objects were not music files), this worm infects audio files. According to Kaspersky Lab virus analysts, this is the first such case. The likelihood of a successful attack is increased because most users trust their audio files and do not associate them with possible infections. It should be noted that the file on the counterfeit web page is digitally signed by Inter Technologies and is identified by www.usertrust.com, the resource that issued the digital signature, as trusted.
Immediately after Worm.Win32.GetCodec.a was detected, its signatures were added to Kaspersky Lab’s antivirus databases.
Here’s you early warning….you’re welcome.
Leave a comment