Meet P2P worm Trojan.ASF.Hijacker.gen

Discuss the world of file sharing, from philosophy to help with applications.

Moderator: CricketMX Forum Moderators

Post Reply
User avatar
p2p-sharing-rules
Moderator
Moderator
Posts: 8462
Joined: Mon Mar 29, 2004 6:55 pm
Location: Canada

A new trojan worm is out there on p2p networks, it's disguised as an ASF file extension, so be careful downloading ASF files if you download ASF files people on your favorite p2p network.
A new online worm could eat its way into the computers of Windows users who download from P2P networks, says Computerworld Norway, quoting Kaspersky Lab tech consultant David Emm.

It inserts links to dangerous Web pages within ASF (Advanced Systems Format), a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources, says the story.

“The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC,” Emm says.

“The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity.”

MP3 extensions aren’t modified, however, meaning victims might not immediately notice the change, says Kaspersky Lab, according to the post.

“As soon as the multimedia file is played back and the advertised fake codec is being run by a tricked user, pop-ups from Windows Media Player, asking for a codec to install, do not appear anymore - creating the false impression that a codec has been successfully installed,” says Trusted Source, adding:

“Of course, this is just the consequence of the malware simply changing the compromised system’s behavior. By infecting the multimedia files, the attackers promote the spreading of their miscreant through (peer-to-peer) file sharing networks. Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream.”

Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it ” “Trojan.ASF.Hijacker.gen” and Kaspersky calls it “Worm.Win32.GetCodec.a,” says Computerworld.
p2pnet.net
User avatar
battye
Site Admin
Site Admin
Posts: 14391
Joined: Sun Jan 11, 2004 8:26 am
Location: Australia
Contact:

:evil:

I guess at least it is disguised as an asf file, compared to avi or mpg I don't think asf is very common? I've never downloaded an asf file anyway :?
CricketMX.com in 2022: Still the home of bat's, rat's and other farmyard animals!

"OK, life [as you chose to define it] repeats until there are no more lessons to be learned." - nrnoble (June 12, 2005)
"the new forum looks awesome, it's getting bigger & better" - p2p-sharing-rules (11 Jan, 2008)
"Looks like CMX is not only getting bigger...but, also getting better!!" - moongirl (14 Dec, 2007)
User avatar
p2p-sharing-rules
Moderator
Moderator
Posts: 8462
Joined: Mon Mar 29, 2004 6:55 pm
Location: Canada

Yea not too many people download ASF files, but I do still find older ones floating around the WPN when I search for videos.
Post Reply