A new type of multimedia malware is rearing its head on the web, targeting file sharers by infecting music and video files.
Secure Computing said that the attack takes a phased approach and highlights the growing complexity of today's malware.

New attack focuses on music and video files
vnunet.com, 14 Jul 2008
A new type of multimedia malware is rearing its head on the web, targeting file sharers by infecting music and video files.
Secure Computing said that the attack takes a phased approach and highlights the growing complexity of today's malware.
The initial infection occurs when a user visits a 'warez' site seeking an illegal crack or serial key to run a copy-protected software program.
The user is lured into downloading a Trojan which then infects every multimedia file on their PC.
While keeping the file format in place, the Trojan converts every music and video file to a standard format and then embeds malicious code into that file.
When the user shares the files via email, transfer or a peer-to-peer network, the infected multimedia files are transferred to someone else.
These are professional fraudsters. We are not dealing with script kiddies any more
Christoph Alme Secure Computing
When a file is opened, the media player is redirected to a malicious resource on the web to download a fake codec which then misleads the new victim into installing a password stealer.
Although complicated, this approach helps the infection to slip under the radar as the attack vector is more indirect.
Christoph Alme, team leader at Secure Computing's Anti-Malware Research Labs, told vnunet.com: "These are professional fraudsters. We are not dealing with script kiddies any more."
Some will conclude that the only people at significant risk are those seeking to crack software or illegally share copyrighted content.
But Alme warned that the scale of P2P sharing means that many users may inadvertently be at risk through the downloading of perfectly legal data through a P2P network.
"Although most of these people are taking part in illegal activities, there are many who may become unwittingly infected while doing nothing wrong," he said.
Secure Computing has urged PC owners to make sure that all security software is correctly configured and up-to-date.
Users are also advised to stay away from warez sites and to be wary of agreeing to download an unknown codec in order to play any multimedia files.
SQL injection vulnerability compromises web pages
Fewer new malware samples being found in the wild

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

Using managed services to protect mobile data users from the latest security threats
Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations
Using a hostbased recovery system for mission-critical systems
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Replacement warning functioning normally, claims software giant

Annual initiative warns of phishing, ID theft and social network...
Do you agree?
Have your say on this article