Although we have yet to see a plain music file that's infected with any sort of malicious software, there's a Trojan horse making its way around the world's P2P networks that uses a link embedded in Microsoft ASF music files that encourages listeners to download a codec in order to hear the song. Rather than a codec, the downloadable file is a software program that transcodes the MP3 and MP2 music it finds on a user's computer into ASF files (a Microsoft media format) containing the malicious link.
Affected files maintain their extension (.mp3 or .mp2), so users are unlikely to notice the change. However, every time one of the affected songs is played, Microsoft's Internet Explorer browser will launch, according to InfoWorld, bringing the user to a page where the Trojan horse "codec" can be downloaded. Certain files legitimately require the download of a codec to be played, so some users are understandably falling for this trick.
Once the program is installed, it transcodes the MP3s on the user's computer into the ASF format, adding the malicious pop-up link -- a trait that makes the Trojan horse conducive to spreading via file sharing networks. As always, music downloaders should exercise caution whenever a downloaded file asks to have a codec installed in order for it to play.
Monday, July 21, 2008
The Sounds Of Virus
Wired reports that there are viruses hiding in some of the music files being swapped on P2P networks out there:
The bottom line here is that ASF files are lame and you shouldn't be downloading or listening to that format anyway. Raw WAV files, MP3, FLAC, and even WMV are superior to ASF. Anything that requires you to download a codec you should try to avoid in the audio realm. Be careful, and happy downloading.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment