Dirty downloads, online music users warned of Trojan
Hi there,
Millions of music and movie files are potentially under threat from a Trojan which alters file codes and causes Windows Media Player to access a malicious URL when the files are played, resulting in more malware being downloaded on to the compromised computer.
With people increasingly keeping their music collections on their computers – often not backed up due to the size of the libraries – the impact of this threat could be significant and devastating.
Over the last week, Symantec has observed an increase in the number of computers affected by Trojan.Brisv.A. It infects .asf, .mp2, .mp3, .wma and .wmv movie and music files.
In a further twist to the Trojan’s payload, all .mp2 and .mp3 files found on the computer are converted to the Windows Media Audio (WMA) format. This creates problems for security researchers writing software to remove the infected code from the files and restore them to their previous states. It is difficult to ascertain which files contain legitimate Digital Rights Management code and which have been modified by the Trojan, which makes cleanup that much more challenging.
The authors of this threat disregard the problems that modifying users’ media files may cause, focusing only on their primary goal: to install more malware on to the computer.
In many cases users will be unaware that their media files have been infected and may continue to share them – legally or illegally – causing further dissemination of the threat.
Users are urged to ensure that their virus definitions are kept up-to-date to protect against possible future variants of this threat.
Symantec has produced a tool to remove the Trojan and clean the infected media files, which is available here. Users should be aware that while it is able to remove the Trojan and repair infected media files, the removal tool will not prevent reinfection.
For more information about this Trojan please visit Symantec’s Response Blog:
https://forums.symantec.com/t5/Malicious-Code/Sharing-Isn-t-Always-Caring/ba-p/386710;jsessionid=1954A58CCDFE8DF4F162790568E4CAC8#A238
If you would like to speak to Symantec, please do not hesitate to contact symantec@bitepr.com or call 0208 834 3504.
Kind regards,
Holly