New trojan infects audio files and spreads if they're shared, Worm.Win32.GetCodec.a / TROJ_MEDPINCH.A / Trojan.ASF.Hijacker.gen
Slipstreem
post Jul 27 2008, 22:10
Post #101
I would say that "good" is "easily and safely accessible by the masses" personally. Neither any flavour of Linux nor Windows can satisfy both criteria yet, IMHO.

Cheers, Slipstreem.
Martin F.
post Jul 29 2008, 04:38
Post #102
QUOTE (2Bdecided @ Jul 22 2008, 15:47) *
It's another plus point to archiving to optical media - the trojan could attack back-up mp3 files on a spare HDD when it was connected to sync

One could mount HDDs as read-only, too …

To topic: I always thought codecs would only be downloaded from Microsoft. Does the installation procedure for this trojan differ from regular codec installations? I wouldn’t expect to see a confirmation window like the one displayed here: http://www.trustedsource.org/dynamic/blog_...MediaPlayer.png
--------------------
FLAC.
j7n
post Jul 29 2008, 09:14
Post #103
If the read only status depends only on software, one cannot be completely sure.

The problem with these confirmations is that when there are too many of them, the user no longer pays attention to what is asked there. Also, if the trojan horse was called "Windows critical security update.exe", some users could choose to execute it, because they trust Windows.
smok3
post Jul 29 2008, 09:36
Post #104
I think it is about:

a. aha, apps are stealing extensions again, nothing unusual for windows
b. extensions are (mostly) very important - they define file-type
--------------------
PANIC: CPU 1: Cache Error (unrecoverable - dcache data) Eframe = 0x90000000208cf3b8
NOTICE - cpu 0 didn't dump TLB, may be hung
Martel
post Jul 29 2008, 17:07
Post #105
I think that explicit chmod +x would be too much for a normal Windows user. After all those years of double-clicking the .exe files, you could hardly persuade them that this is an improvement.
--------------------
IE4 Rockbox Clip+ AAC@192; HD 668B/HD 518 Xonar DX FB2k FLAC;
Squeller
post Jul 29 2008, 18:36
Post #106
QUOTE (Martel @ Jul 29 2008, 18:07) *
I think that explicit chmod +x would be too much for a normal Windows user. After all those years of double-clicking the .exe files, you could hardly persuade them that this is an improvement.
You want to say that Windows has a very wide user base and that Linux does not play a role when it comes to audio? ACK.
Smok3: The extension stealing problem has been much worse in the past IMO. Today, applications generally behave friendlier I think.

This post has been edited by Squeller: Jul 29 2008, 18:37
Lyx
post Jul 29 2008, 19:56
Post #107
Technology does not solve human problems - it can only support an already existing human will to change oneself. In other words: Without users being willing to change their mindset, all your tools will be pointless and at worst, just hide problems.
smok3
post Jul 29 2008, 20:40
Post #108
QUOTE
The extension stealing problem has been much worse in the past IMO. Today, applications generally behave friendlier I think.

I was simulating an 'average user' tinkering.
--------------------
PANIC: CPU 1: Cache Error (unrecoverable - dcache data) Eframe = 0x90000000208cf3b8
NOTICE - cpu 0 didn't dump TLB, may be hung
Compact Dick
post Aug 1 2008, 11:56
Post #109
QUOTE (j7n @ Jul 29 2008, 08:14) *
If the read only status depends only on software, one cannot be completely sure.

Even hardware-based write-protection is not foolproof. For example, CHDK [custom Canon firmware] can write to an SD/SDHC card even with the write-protect switch enabled.
Lyx
post Aug 1 2008, 17:35
Post #110
QUOTE (Compact Dick @ Aug 1 2008, 12:56) *
QUOTE (j7n @ Jul 29 2008, 08:14) *

If the read only status depends only on software, one cannot be completely sure.

Even hardware-based write-protection is not foolproof. For example, CHDK [custom Canon firmware] can write to an SD/SDHC card even with the write-protect switch enabled.

I think you misunderstood him. By hardware-dependent write protection, he probably did NOT mean "there is some hardware part in the chain" but that the hardware itself (or, more specifically, the media itself) can directly block access, instead of just saying "please don't do this and that, okay?". If a hardware write protection depends on "the software accepting conventions", then it isn't worth its name. Obviously, this can only be achieved if the MEDIA already manages itself to some degree, so that the media itself can block access, instead of being dependent on the hardware which uses the media.

An example of true media write protection would be physically blocking access to the media.

This post has been edited by Lyx: Aug 1 2008, 17:37
MedO
post Aug 1 2008, 18:18
Post #111
QUOTE (Compact Dick @ Aug 1 2008, 12:56) *
QUOTE (j7n @ Jul 29 2008, 08:14) *

If the read only status depends only on software, one cannot be completely sure.

Even hardware-based write-protection is not foolproof. For example, CHDK [custom Canon firmware] can write to an SD/SDHC card even with the write-protect switch enabled.

The "write protect" switch on SD/SDHC cards is just the equivalent of the write protection on compact cassettes or floppy disks. The card doesn't know anything about it; the state has to be sensed and respected by the host (I think the host is violating the specs if it doesn't). This is not a hardware protection. If the write protect switch actually cut the "W/R" line of the flash ROM chip, that would be pretty much foolproof.

This post has been edited by MedO: Aug 1 2008, 18:19
LaserSokrates
post Aug 2 2008, 16:32
Post #112
About the write-protection issue: on USB flash devices, the controller that actually writes the data is in the stick itself. So, a write protection should be possible.
j7n
post Aug 3 2008, 02:25
Post #113
I unsuccessfully tried to hunt down a USB stick with an R/O switch to safely use on other people's potentially infected computers. But apparently this type of modification is much less popular than encryption and front-ends for portable applications.
Light-Fire
post Aug 3 2008, 04:28
Post #114
QUOTE (Compact Dick @ Aug 1 2008, 05:56) *
QUOTE (j7n @ Jul 29 2008, 08:14) *

If the read only status depends only on software, one cannot be completely sure.

Even hardware-based write-protection is not foolproof. For example, CHDK [custom Canon firmware] can write to an SD/SDHC card even with the write-protect switch enabled.


Because of bad hardware design.
dissociative
post Aug 3 2008, 13:39
Post #115
QUOTE (JunkieXL @ Jul 17 2008, 16:55) *
Based on the behaviour you reported for this malware, I can only see this affecting people that are very computer illiterate or just plain stupid.


In those times I sometimes ask myself if there's a difference between both categories.
Martel
post Aug 4 2008, 15:30
Post #116
QUOTE (dissociative @ Aug 3 2008, 04:39) *
QUOTE (JunkieXL @ Jul 17 2008, 16:55) *

Based on the behaviour you reported for this malware, I can only see this affecting people that are very computer illiterate or just plain stupid.


In those times I sometimes ask myself if there's a difference between both categories.

Knowledge is a complement to intelligence, not its substitute.
--------------------
IE4 Rockbox Clip+ AAC@192; HD 668B/HD 518 Xonar DX FB2k FLAC;
jido
post Aug 13 2008, 12:31
Post #117
QUOTE (LaserSokrates @ Jul 25 2008, 04:26) *
IMHO, this is getting ridiculous. You don't go skiing without training. You mustn't drive a car without a license. But most people who buy a PC, a device so powerful and advanced, think they can just use it. Everyone is "stupid" when he/she does something for the first time. But most PC users don't try to change that. The results are topics like this one or the W32.Blaster story. If the first version of that worm hadn't been coded so badly, the consequences would have been much worse. Most users didn't even know that this behaviour was caused by a virus, that it could be aborted with shutdown -a, and that a patch from MS, which had been out for quite some time when Blaster was current, existed.

This is silly. People don't buy a computer to have one more worry at home; they just want to use it for stuff computers can do, like going on the Internet, playing music....

Why should they have to learn anything beyond operating the thing?

Answer: because the operation is deficient. It does things that the user did not really ask for, and does not really understand, like running a script when you try to play a music file.

So there is a paradox: we want machines that do more things than we need, because it gets frustrating otherwise, but we need machines that do only what we want, which is very unlikely in this age of automatic updates and other niceties.
Paul Sanders
post Sep 18 2008, 18:37
Post #118
QUOTE (CiTay @ Jul 17 2008, 23:02) *
Well, so I thought myself. Until a friend of mine, whose PC I set up for him personally - including installing antivirus software, Firefox and so forth - installed a different fake codec a while ago, infecting himself with some trojan. He is your average PC user, far from being PC-illiterate or stupid. He was just not aware of the dangers when he installed that. I think that outside a minority of users who really know about all the dangers implied by internet use, the vast majority of people have no idea that such a codec download could lead to a trojan infection. They probably think it's just another notice, like a new Java version, Flash player, or whatever else pops up these days.

Hear hear! I think this is one of the more insidious ways of spreading a virus, trojan or whatever it is that I have heard of recently, although I did hear tell of one embedded in an (electronic!) photo frame. Most people think that MP3 files are totally safe. Indeed I did, until 5 minutes ago. You've got me worried now...

Of course people shouldn't download codecs, active X controls (bletch) or any other form of executable that they don't trust. But how do they know what to trust? If WINDOWS Media Player says go for it, most people will do so. *Everything* (executable) should be digitally signed, but whether this applies to codecs I don't actually know.

Paul Sanders
http://www.alpinesoft.co.uk

This post has been edited by Paul Sanders (AlpineSoft): Sep 18 2008, 18:41
--------------------
I am an independent software developer (VinylStudio) based in UK
d_headshot
post Feb 1 2009, 08:54
Post #119
How can you tell if you have this worm? I'm sure AVG has it in the virus database, but I've scanned my computer and thankfully no obvious trojans exist on my laptop. But in case it isn't recognized by AVG, is there a way to tell if you have this worm?
pdq
post Feb 1 2009, 14:08
Post #120
The way that you get infected is when you attempt to play an "mp3" file in WMP and it tells you that you need to install software to play it. If this has never happened to you, or if you did not install software when prompted, then your computer is not infected.

The other clue is that these files actually contain WMA data, and most players will refuse to play them because of the mp3 extension.
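pdq's second clue, that the infected files are really WMA data wearing an .mp3 extension, is something a defender can check for mechanically. The script below is an added example written for this thread; it is not code from the forum or from any antivirus vendor. It relies on one documented fact, that every ASF container (the format WMA audio lives in) begins with the 16-byte ASF Header Object GUID, and flags any .mp3 file whose first bytes are that GUID rather than an ID3 tag or an MPEG frame sync. The function names and the three sample files are constructed for the example.

```python
"""Find .mp3 files that are really ASF/WMA containers.

Added example for this thread, not code from the forum or any vendor.
It only inspects the container signature; it never parses or plays the file.
"""
import tempfile
from pathlib import Path

# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C, as the
# 16 bytes that appear at the start of every ASF/WMA/WMV file on disk.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")


def sniff_container(head: bytes) -> str:
    """Classify a file by its leading bytes: 'asf', 'mp3' or 'unknown'."""
    if head[:16] == ASF_HEADER_GUID:
        return "asf"
    if head[:3] == b"ID3":                      # MP3 with an ID3v2 tag in front
        return "mp3"
    # bare MPEG audio frame: 11-bit sync word (all ones) at the very start
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"


def extension_mismatch(path: Path) -> bool:
    """True for a file named .mp3 whose bytes begin with an ASF header."""
    if path.suffix.lower() != ".mp3":
        return False
    with path.open("rb") as fh:
        head = fh.read(16)
    return sniff_container(head) == "asf"


def scan_tree(root: Path) -> list:
    """List every .mp3 under root that carries an ASF header, sorted by path."""
    return sorted(p for p in root.rglob("*.mp3")
                  if p.is_file() and extension_mismatch(p))


def demo_scan() -> list:
    """Write three constructed sample files to a temp dir and return the hit names.

    song.mp3   : starts with an ID3v2 tag, a normal MP3 (not reported)
    shared.mp3 : ASF header renamed to .mp3, the shape of file the thread describes
    clip.wma   : ASF header with the honest extension (not reported)
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "song.mp3").write_bytes(b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 32)
        (root / "shared.mp3").write_bytes(ASF_HEADER_GUID + b"\x00" * 32)
        (root / "clip.wma").write_bytes(ASF_HEADER_GUID + b"\x00" * 32)
        return [p.name for p in scan_tree(root)]


if __name__ == "__main__":
    for name in demo_scan():
        print(f"extension/container mismatch: {name} is ASF, not MPEG audio")
```

Point scan_tree at a music folder to list candidates for a closer look. A hit only means the extension lies about the container; a legitimate WMA file renamed by hand triggers it too, so treat the output as a triage list rather than a verdict.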
hlloyge
post Feb 2 2009, 01:35
Post #121
QUOTE (Lyx @ Jul 25 2008, 11:10) *
Interesting. Please explain to me how IE will run something without me doing anything. (BTW: Since I am "smart", I of course don't have Outlook, nor do I use a mail client which uses its engine - same for scripting host, scheduler, address book, etc.)


Sorry to answer this so late, I forgot about this thread.

Buffer overrun. Many applications use the IE engine to display their contents, not just Microsoft's. And it doesn't have to be IE to do that: unpatched Firefox, Opera, or just about any software that uses an internet connection could possibly be vulnerable to some exploit. All you will see is that window informing you that the software has crashed, send/don't send. When you next start your computer, the whole of Windows will run in a "virtual machine", and you won't know anything about it.
Or do you think that companies update their software only to add new gadgets? They are (mostly) patching security holes. Some are benign, some are very dangerous. Windows itself isn't the only source of bad software holes.