Meet P2P worm Trojan.ASF.Hijacker.gen
Posted: Fri Jul 18, 2008 8:22 pm
A new trojan worm is out there on p2p networks, it's disguised as an ASF file extension, so be careful downloading ASF files if you download ASF files people on your favorite p2p network.
p2pnet.netA new online worm could eat its way into the computers of Windows users who download from P2P networks, says Computerworld Norway, quoting Kaspersky Lab tech consultant David Emm.
It inserts links to dangerous Web pages within ASF (Advanced Systems Format), a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources, says the story.
“The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC,” Emm says.
“The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity.”
MP3 extensions aren’t modified, however, meaning victims might not immediately notice the change, says Kaspersky Lab, according to the post.
“As soon as the multimedia file is played back and the advertised fake codec is being run by a tricked user, pop-ups from Windows Media Player, asking for a codec to install, do not appear anymore - creating the false impression that a codec has been successfully installed,” says Trusted Source, adding:
“Of course, this is just the consequence of the malware simply changing the compromised system’s behavior. By infecting the multimedia files, the attackers promote the spreading of their miscreant through (peer-to-peer) file sharing networks. Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream.”
Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it ” “Trojan.ASF.Hijacker.gen” and Kaspersky calls it “Worm.Win32.GetCodec.a,” says Computerworld.
