13:44 Kaspersky Lab has detected a worm that infects audio files | |
Kaspersky Lab, a leading manufacturer of security systems from malicious and unwanted software, hacker attacks and spam, has detected a malicious program that infects audio format WMA. The purpose of infection is to download a Trojan that allows an attacker to gain control over the user's computer. The worm, named Worm.Win32.GetCodec.a, convert mp3-files to WMA (while maintaining the extension mp3), and add a marker containing a link to an infected web-page. Activation marker is performed automatically while listening to the file and invokes the browser Internet Explorer, which goes on an infected page where the user is prompted to download and install a file disguised as a codec. If the user agrees to install, then on his computer downloaded a Trojan Trojan-Proxy.Win32.Agent.arp, through which an attacker can gain control of the attacked PC. Prior to this WMA file format used by Trojans only as a disguise, that is, an infected object is not a music file. The peculiarity of the same worm is infecting pure audio files that, according to virus analysts from Kaspersky Lab, is the first case of its kind and raises the probability of a successful attack, since users usually are treated with great confidence in their own media files and do not associate them with the danger of infection. It should be noted that the file which is located on the forged page that has a digital signature of Inter Technologies and is determined by the issuing of EDS as a trusted resource http://www.usertrust.com. Immediately after the discovery of a worm Worm.Win32.GetCodec.a his signature was added to the antivirus database of Kaspersky Lab. Source | |
|
Total comments: 0 | |