The Mother Board forums. Free tech support, motherboard ID, and more.
Posted: Tue Jan 11, 2005 2:26 pm
Black Belt 5th Degree

Joined: Mon Jul 14, 2003 12:38 pm
Posts: 8640
Location: Midlands UK
Malicious Trojan infects Windows Media Player
Downloads malicious application when video files are run
Robert Jaques, 11 Jan 2005

Security experts have intercepted two malicious Trojans hidden in video files that download and install spyware, diallers and computer viruses when played in Microsoft Windows Media player.

PandaLabs warned that Trj/WmvDownloader.A and Trj/WmvDownloader.B are spreading through P2P networks hidden in video files. These Trojans take advantage of technology incorporated in Microsoft Windows Media player called Windows Media Digital Rights Management (DRM), designed to protect the intellectual property rights of multimedia content.

When a user tries to play a protected Windows media file, this technology demands a valid licence. If the licence is not stored on the computer, the application will look for it on the internet, so that the user can acquire it directly or buy it. This technology is incorporated through the Windows XP Service Pack 2 + Windows Media Player 10 update.

The video files infected by these Trojans have a .wmv extension and are protected by licences, supposedly issued by the companies overpeer (for Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B).

If the user runs a video file that is infected by one of these Trojans, the files pretend to download the corresponding licence. However, what they actually do is redirect the user to other internet addresses from which they download adware, spyware, diallers (applications that dial-up high rate toll numbers) and viruses, security experts at PandaLabs said.

Below are some examples of the malicious programs and viruses these Trojans download:


Dialler Generic

"Even though these Trojans have been detected in video files with extremely variable names which can be downloaded through P2P networks like KaZaA or eMule, bear in mind that they can also be distributed through other means, such as files attached to email messages, FTP or Internet downloads, floppy disks, CD-ROM, etc," PandaLabs warned.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." Albert Einstein (1879 - 1955)

Posted: Wed Jan 12, 2005 1:42 am
Black Belt 2nd Degree

Joined: Tue Jun 29, 2004 9:05 am
Posts: 2792
Location: St. Augustine, Fl
At first glance this seems to be the continuation of the scripting used in wmv files where it would look for a license and is nothing new.

But also note that if you play a media file the extension may have been changed and Windows will inform you of this and ask to play it anyway if you choose to.
A wmv file can be renamed to mp3, wav, mpeg, avi, etc., but can still be played and cause the same ill effects.

To safeguard, don't use WMP (Windows Media Player) if possible; there are alternatives:
Winamp is very good
VLC from videolan
KL codec pack or mega codec pack, both include the BS player and a modified media player that can play any file and be safe.

Thanks coppershirt for the info if indeed this is a new strain.
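
The point made in the post above, that a renamed .wmv is still a Windows Media file, can be checked from the file's content instead of its name. This added example (not part of the original thread) reads the ASF header that .wmv files use and reports whether DRM header objects are present; the GUIDs are taken from the ASF specification, and `inspect_media`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct
import uuid

# GUIDs from the ASF specification (stored on disk in little-endian GUID layout).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
DRM_OBJECTS = {
    uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E"): "Content Encryption",
    uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C"): "Extended Content Encryption",
}
MEDIA_EXTS = {".wmv", ".wma", ".asf"}


def inspect_media(name, data):
    """Classify a file by content: is it ASF, is it DRM-protected, does the name match?"""
    result = {"asf": False, "drm": [], "ext_mismatch": False}
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        return result
    result["asf"] = True
    ext = name[name.rfind("."):].lower() if "." in name else ""
    result["ext_mismatch"] = ext not in MEDIA_EXTS
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos = 30  # GUID(16) + size(8) + object count(4) + 2 reserved bytes
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated header
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24:
            break  # malformed object size; stop instead of looping forever
        if guid in DRM_OBJECTS:
            result["drm"].append(DRM_OBJECTS[guid])
        pos += size
    return result


def _obj(guid, payload=b""):
    # Helper for the constructed samples: one ASF object = GUID + size + payload.
    return guid.bytes_le + struct.pack("<Q", 24 + len(payload)) + payload


def build_sample(protected):
    # Constructed ASF header, not a real media file.
    subs = [_obj(uuid.UUID("8CABDCA1-A947-11CF-8EE4-00C00C205365"), b"\0" * 80)]
    if protected:
        subs.append(_obj(next(iter(DRM_OBJECTS)), b"\0" * 16))
    body = b"".join(subs)
    return (ASF_HEADER.bytes_le + struct.pack("<QI", 30 + len(body), len(subs))
            + b"\x01\x02" + body)
```

A file that comes back with `asf` true, a non-empty `drm` list and `ext_mismatch` true is a DRM-protected Windows Media file carrying another extension, which is the case the post describes.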

Posted: Wed Jan 12, 2005 7:04 am
Black Belt 5th Degree

Joined: Mon Sep 13, 2004 3:22 pm
Posts: 9258
Location: 33258
Good info copper

Lend a hand and help with the folding project. Come join our 33258 team!