Security firm TrustedSource reports that a new trojan has been identified that infects multi-media files on Windows computers.
The malware embeds malicious content into multimedia files based on the Advanced Systems Format (ASF), a widely used format for video and audio content such as MP3 and WMA music files, WMV video files and others. When trying to play back the infected files, the user can be tricked into believing a codec is needed to play back the content. When downloading the advertised fake codec, the user would end up installing malware instead.
By infecting the multimedia files, the attackers are using (peer-to-peer) file sharing networks to spread Windows malware. Windows users downloading from P2P networks should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream.
One of the media file infector’s capabilities is to also convert MP2 and MP3 files (MPEG-1) into Windows Media Audio (WMA) files. The malware injects a malicious command into any such ASF files on the victim’s harddisk, causing Windows Media Player to redirect to a malicious resource on the Web (the fake codec).
As soon as the multimedia file is played back and the fake codec is being run by a tricked user, pop-ups from Windows Media Player, asking for a codec to install, do not appear anymore - creating the false impression that a codec has been successfully installed.