lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <02d501c60be1$1ad06550$d1422c97@ACER803PFK>
Date: Wed Dec 28 18:58:22 2005
From: eflorio at edmaster.it (Elia Florio)
Subject: Social Eng. with Windows Media Player and Codec
	Download

Here:
hXXp://www.goodmovielaugh.com/video5.html
hXXp://www.good-movie-jokes.com/video5.html

there's some malware/adware that try to use .ASX files as vector
to infect windows machines by forcing users to download and install 
executables.
The trick (not an exploit!!!!) is to convince people that Windows Media 
Player
needs an additional codec....so that users confirm the download of an EXE 
file.

In the page there's a reference for an .ASX file:

<ASX version="3.0">
 <ENTRY>
  <TITLE>Impossibile Trovare il Codec</TITLE>
  <REF HREF="video.avi"/>
  <DURATION VALUE="60:00"/>
  <BANNER HREF="codec-alert.gif">
   <ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
   <MOREINFO 
HREF="http://www.vcodecreceive.com/download/VideoCodec3_05b_5.exe" />
  </BANNER>
 </ENTRY>
</ASX>

The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker 
packed with Nullsoft NSIS.

EF

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ