Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [security] Social Eng. with Windows Media Player and Codec Download
From: Marco Ermini <markoer () markoer org>
Date: Tue, 3 Jan 2006 17:44:10 +0100

On 12/28/05, Elia Florio <eflorio () edmaster it> wrote:
Here:
hXXp://www.goodmovielaugh.com/video5.html
hXXp://www.good-movie-jokes.com/video5.html

there's some malware/adware that try to use .ASX files as vector
to infect windows machines by forcing users to download and install
executables.
The trick (not an exploit!!!!) is to convince people that Windows Media
Player
needs an additional codec....so that users confirm the download of an EXE
file.
[...]
The EXE file downloaded is probably some Download.Trojan or Trojan.Clicker
packed with Nullsoft NSIS.
[...]

It was classified as "Trojan-Clicker.Win32.Bomka.a"


Cheers
--
Marco Ermini
Dubium sapientiae initium. (Descartes)
root () human # mount -t life -o ro /dev/dna /genetic/research
(This message is for the designated recipient only and may contain
privileged or confidential information. If you have received it in
error, please notify the sender immediately and delete the original.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: [security] Social Eng. with Windows Media Player and Codec Download Marco Ermini (Jan 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]