[Full-disclosure] Social Eng. with Windows Media Player and Codec Download

Elia Florio eflorio at edmaster.it
Wed Dec 28 19:00:39 GMT 2005


Here:
hXXp://www.goodmovielaugh.com/video5.html
hXXp://www.good-movie-jokes.com/video5.html

there's some malware/adware that tries to use .ASX files as a vector
to infect Windows machines by forcing users to download and install
executables.
The trick (not an exploit!!!!) is to convince people that Windows Media
Player needs an additional codec....so that users confirm the download
of an EXE file.

In the page there's a reference to an .ASX file:

<ASX version="3.0">
 <ENTRY>
  <TITLE>Impossibile Trovare il Codec</TITLE>
  <REF HREF="video.avi"/>
  <DURATION VALUE="60:00"/>
  <BANNER HREF="codec-alert.gif">
   <ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
   <MOREINFO HREF="http://www.vcodecreceive.com/download/VideoCodec3_05b_5.exe" />
  </BANNER>
 </ENTRY>
</ASX>

The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker
packed with Nullsoft NSIS.

EF 
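
A defender-side check for the playlist quoted above, added here as an example and not part of the original post: it reads an ASX file leniently and reports every HREF whose target has an executable extension, together with the TITLE/ABSTRACT text shown to the user. The names AsxLinkAudit and audit_asx and the extension list are assumptions; the sample is the ASX from the message.

```python
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed list of extensions that run when opened on Windows; extend as needed.
EXECUTABLE_EXTS = {".exe", ".scr", ".msi", ".bat", ".cmd", ".pif", ".hta"}

class AsxLinkAudit(HTMLParser):
    """HTMLParser lowercases element/attribute names and tolerates sloppy
    markup, which suits ASX (its element names are case-insensitive)."""
    def __init__(self):
        super().__init__()
        self.stack = []      # currently open elements, innermost last
        self.findings = []   # (element, parent element, href)
        self.lure_text = []  # TITLE / ABSTRACT text displayed by the player

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if href:
            # Judge by the URL path only, so a ".com" host name is not flagged.
            ext = PurePosixPath(urlparse(href).path).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                parent = self.stack[-1] if self.stack else None
                self.findings.append((tag, parent, href))
        self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        if self.stack and self.stack[-1] in {"title", "abstract"} and data.strip():
            self.lure_text.append(data.strip())

def audit_asx(text):
    """Return (findings, lure_text) for one ASX document given as a string."""
    parser = AsxLinkAudit()
    parser.feed(text)
    parser.close()
    return parser.findings, parser.lure_text

# Sample: the ASX quoted in the message above.
SAMPLE_ASX = """<ASX version="3.0"><ENTRY>
<TITLE>Impossibile Trovare il Codec</TITLE><REF HREF="video.avi"/>
<BANNER HREF="codec-alert.gif">
<ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
<MOREINFO HREF="http://www.vcodecreceive.com/download/VideoCodec3_05b_5.exe" />
</BANNER></ENTRY></ASX>"""

if __name__ == "__main__":
    for element, parent, href in audit_asx(SAMPLE_ASX)[0]:
        print(f"executable link in <{element}> (inside <{parent}>): {href}")
```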




Full-Disclosure is hosted and sponsored by Secunia.