Windows Media Player DRM Exploit II

muckshifter

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,751
Reaction score
1,209
by; David H. Lipman
I don't know how many of you know about this one.

I have been seeing a rise in a new way to get you infected with malware. It actually isn't
too new. It is almost two years old. However its use is rising and may become more
prevalent in the coming months.

Here's the deal.

I am seeing new Social Engineering posts in the alt.binaries.* News Groups.
Instead of directly attaching malware, these posts are exploiting the Windows Media Player
DRM.

Being posted are WMV files and when you play the WMV files you have to agree to a EULA and
when you click on "Play Now" it will download SETUP.EXE from static.zangocash.com the EXE
is a malware installer for Zango/180Solutions.

The SETUP.EXE file is fairly well recognized such as;
Ewido: Adware.180Solutions and
Kaspersky: not-a-virus:AdWare.Win32.180Solutions.as

The WMVs are not so well recognized but here is a sampling...

AntiVir -- EXP/WMV.A.1 , EXP/WMV.A.2
AVG -- Downloader.Wimad.B
BitDefender -- Trojan.Wimad.A
Ewido -- Downloader.Wimad.h
Fortinet -- W32/WIMAD.C!tr
Ikarus -- Trojan-Downloader.WMA.Wimad.h
Kaspersky -- Trojan-Downloader.WMA.Wimad.h
UNA -- TrojanDownloader.WMA.Wimad.D7FF

Some of these WMVs are too large to submit as their sizes surpass the maximum submission
size set by the anti malware vendors.

{ I originally Cross-Posted this to microsoft.public.security.virus but the News Server
filters blocked the original post. I am reposting this for those who just read the MS News
Server }

--
Dave
Click to expand...
My thanks to Dave ...

user.gif
 
Cheers for that Muck's....Tis unusual as the newsgroups only usually let you post files of a certain type, but i suppose it is easy to let them slip the net so to speak...But i will keep my eyes peeled from now on....:thumb:
 
Who the hell around here reads the MS News Servers ... ;)

No, It ain't the done thing, but I am one of those that don't really comply to The 'ethics' when dealing with infestations.

Any post on PCReview's forums, or sister forums, becoms the property of PCReview. :D


user.gif
 
Back
Top