New trojan infects audio files and spreads if they're shared, Worm.Win32.GetCodec.a / TROJ_MEDPINCH.A / Trojan.ASF.Hijacker.gen
j7n
post Jul 20 2008, 13:06
Post #51

What does downloading of music and the speed of your network have to do with Windows Media Player?

This post has been edited by j7n: Jul 20 2008, 13:07
Gabriel
post Jul 20 2008, 17:57
Post #52

QUOTE (Axon @ Jul 19 2008, 20:28) *
QUOTE (Gabriel @ Jul 19 2008, 02:18) *

I am sorry, but I think this is really related to user permissions. A limited user can not install any codec on a Windows box, the process just fails and the shell (explorer) tells the user that he doesn't have enough privileges to do this.
At which point the user will type in the admin password and nothing of substance will have been secured.

Of course, if it happens this way, there is an obvious security issue. Installations should always be manual, and not run from another piece of software. A dialog box asking for admin login/password information from within another software seems highly suspicious (well, at least to me).


QUOTE (Axon @ Jul 19 2008, 20:28) *
You're not getting it. Reducing user permissions on a single-user system solves nothing. It's meaningless. It may keep badly written malware out, but it is of no benefit to the state of the art that exists today or in the future.

Then why is it the default setup of OSX and several Unixes? To me this reduces risk a lot, as the computer can then still be cured/inspected from the administrative account. Any other proposition about how to handle that? (for any piece of software, not specifically WMP)

(btw there are not that many computers that should really be "single user", even in homes there are often several people using a single computer)
Lyx
post Jul 20 2008, 19:39
Post #53

QUOTE (Gabriel @ Jul 20 2008, 18:57) *
(btw there are not that many computers that should really be "single user", even in homes there are often several people using a single computer)

"User Accounts" are a half-assed approach to multiuser environments though, because the idea comes from times where HD-space was an issue. They try to separate apps from settings and media and do not employ any actual external security (all the security is only OS-internal - as soon as you access the storage from another software, you have full unlimited access). It is this half-assed approach plus stupid stuff like "centralized setting-storages" like the registry, which to a large extent is responsible for all the complexity, problems and bureaucracy in today's OSes.

The truth is that interface-level, app-level and media-level security and multiuser-support doesn't even need hardwired OS support! Check this out:

- All data except for OS and driver stuff is stored in encrypted filesystem images (truecrypt anyone?)
- This includes the user-environment which is just a "portable" application stored in that image (partially possible already).
- It also includes the applications, which are stored in that image, including their settings (portable apps do that already)
- And of course the users media
- multiple such filesystem images can be mounted at the same time. Thus you can for example also mount an encrypted USB-stick or external HDD and then access it - if you know the PW.
- Thus, the OS doesn't even need to know "who" is currently using the PC. Users manage their privacy and security themselves simply by mounting/unmounting their encrypted images.
- User runs with very low access rights to the OS. Thus, he can do whatever he wants inside his images, but cannot damage the OS..... unless he knows the pass to elevate his rights. Interestingly, although he runs at such low privileges, he isn't constantly bothered with access-limitations, because he only needs to elevate his rights if he wants to do something to the OS.
- The OS automatically forbids any modification of unmounted images, unless one elevates one's access rights (thus, any app-level security breach can only affect the currently mounted images).
- add some mechanism to shield password entering during mounting from app-level keyloggers.

What you get:
- all the security of nowadays systems, and significantly more, without all the hassle
- no setups, package-managers, installations or deinstallations (except for just more comfortable "extractors"). Thus, also none of the downsides associated with those.
- easy backups of your data (just copy the image-file(s) and done!)
- full portability of apps, settings and data - from anywhere to anywhere.
- true privacy.... no centrally logged usage-data, own apps and media are internally and externally inaccessible. No worries about recovery of deleted data (as long as your image-encryption isn't broken)
- various niceties for corporate environments
caligae
post Jul 20 2008, 20:07
Post #54

QUOTE (Lyx @ Jul 20 2008, 20:39) *
The truth is that interface-level, app-level and media-level security and multiuser-support doesn't even need hardwired OS support! Check this out:


Some interesting points although I don't agree with all your ideas.

To stay on-topic: Your concept would not have helped very much with the described trojan. Except for affecting only a single user on the system.
Lyx
post Jul 20 2008, 20:24
Post #55

QUOTE (caligae @ Jul 20 2008, 21:07) *
To stay on-topic: Your concept would not have helped very much with the described trojan. Except for affecting only a single user on the system.

Which is impossible to solve without simply not installing software which behaves like WMP. Not even per-application access-restrictions would help here, because the player MUST have access to your audio-media - else it couldn't play it. The only sane solution is to simply not trust untrustworthy applications. The environment may restrict the damage, but there is no way around the simple logic that if you give an app write-access to certain files, then it can write to them however it likes - if the app is malware-happy, then you shouldn't have given it that access in the first place.
shadowking
post Jul 21 2008, 01:46
Post #56

Like Gabriel said, Windows' illness is because everyone is admin. Drop access rights of browsers, media players, etc. and 85 % of problems will go away even without an antivirus. The other thing is that there is no package management so you are never really secure.

Vista tries to remedy the issue to an extent. With XP pro try LUA accounts + sudowin and dropmyrights for XP home.

prankstare
post Jul 21 2008, 05:29
Post #57

Sweet Jesus! That's why I never trust any automated downloading instructions coming from any programs (in this case the missing codec tip). Except those "new version/upgrade" messages, perhaps not even that.


PS: Good point, 2Bdecided. I too agree with you it's not the average user who takes the blame here, or anywhere or anything. The problem really lies under those "demented" minds that think they know something and go make other lives miserable. Well, sometimes they really are brilliant minds in terms of intelligence, knowledge but look at what they use their brains for. It's totally devastating to see how there's so many remarkable minds but taking their knowledge for granted when they could very well be using it for real good things (and am not just talking about software, computers, etc). One doesn't need to know it all but only what they find important to them (if I decided to spend my money on a computer just as a 'pastime' hobby - you know, after being stressed out from work - is there anything wrong with that? As long as I properly paid for the bloody machine).


QUOTE ("2Bdecided")
I love the naive geek mentality in this thread that people deserve to be punished for using WMP. I know some true nerds find it impossible to grasp, but some "normal" people actually buy computers to do things beyond maintaining the computer itself!
Ojay
post Jul 21 2008, 13:34
Post #58

QUOTE (Canar @ Jul 18 2008, 00:09) *
This trojan transcodes files? Truly the work of an evil, evil mind...


Yes, and not just one file but the whole audio collection on your hard disk.

Maybe a software tool will be released later that will remove the malicious code ... and will offer the users the opportunity to change the extension of affected files from .mp2/.mp3 to .wma ... and so WMA will be the upcoming standard audio format on the web in one year or two - just let the Trojan spread and spread and spread.... and as we all know (also from all the discussions in this thread) - it will do so...

That - finally - will be the boost the WindowsMediaAudio format urgently needs....

This post has been edited by Ojay: Jul 21 2008, 13:37
smok3
post Jul 21 2008, 17:03
Post #59

I agree about UA in Win (XP at least), but I don't get this:

QUOTE
At which point the user will type in the admin password and nothing of substance will have been secured.


so a user will press play and then for some reason type in an admin pass - yes, I have to be admin to listen to the music?

PatchWorKs
post Jul 22 2008, 09:00
Post #60

QUOTE (Mr_Rabid_Teddybear @ Jul 20 2008, 00:46) *
Oh how much simpler my life has become since I switched to Linux. Will never look back... Tra-la-la-la-la... I sing every day...!


I'll never switch my workstation into a server.

I'm just waiting for the upcoming Haiku and the future ReactOS.
smok3
post Jul 22 2008, 09:21
Post #61

I wonder when it will be possible to install, say, the Adobe video bundle onto ReactOS, or do all these devs expect silly users that are just happy with OpenOffice & Firefox in their lives?

Lyx
post Jul 22 2008, 09:38
Post #62


QUOTE (smok3 @ Jul 22 2008, 10:21) *
I wonder when it will be possible to install, say, the Adobe video bundle onto ReactOS, or do all these devs expect silly users that are just happy with OpenOffice & Firefox in their lives?

I don't understand your question. ROS aims for full binary compatibility. It also clearly states that it is currently far from that, architecturally incomplete and in alpha-state. So no, ROS devs do not expect development to stop in the near future.

As for BeOS.... I find the architecture VERY interesting... but I'm not sure if Haiku will be efficient in practice.... at least in the near future...... mostly because of lack of software.

This post has been edited by Lyx: Jul 22 2008, 09:39
shadowking
post Jul 22 2008, 10:08
Post #63

QUOTE (PatchWorKs @ Jul 22 2008, 18:00) *
QUOTE (Mr_Rabid_Teddybear @ Jul 20 2008, 00:46) *

Oh how much simpler my life has become since I switched to Linux. Will never look back... Tra-la-la-la-la... I sing every day...!


I'll never switch my workstation into a server.

I'm just waiting for the upcoming Haiku and the future ReactOS.


The NT codebase is a server OS and home / pro / server editions are the same beast. Win 9x could be considered the real home edition.

Northpack
post Jul 22 2008, 12:59
Post #64

QUOTE (Lyx @ Jul 18 2008, 16:19) *
And no, I have no pity for those "poor noobs".... not because they are noobs, but because they are unwilling to do something about their noobness - they want to use something without understanding it - permanently.... exactly the target audience, which created this kind of "market". And with this noobness, I do not just mean in-depth tech knowledge, but more specifically a mindset which is investigative and self-determined - simple observations, asking questions like "is this trustworthy?" and taking consequences. It doesn't take years to get that Microsoft products are not trustworthy.... if one does already - for practical reasons - use an MS OS, then at least keep the amount of additional MS apps down. Computers are not for everyone, because they are powerful and networked.... without the required responsibility, you get a market of slaves-by-choice... and where there are slaves, there will be abuse.


I get your point, Lyx, but do you really think that's anything new? Regarding computer technology it's just another consequent step in a long determined development. We talk about a mentality which is rooted in the very fundament of western-scientific culture. Remember the Greek myth about Prometheus stealing the fire from the Gods and Zeus' revenge in the shape of Pandora's box. As man began to utilize fire instead of just staring at it in awe, he was still sensible enough to cultivate a sense of his outrage. But this sensibility vanished, at the latest, with the rise of modern scientific self-confidence.
Nowadays, we are proud to know about the nature of fire, but plug our lamps and computers into the socket without generally thinking about how the energy is brought to the wire (now we've got Castor to take care of Pandora's box, but he's but a mortal...). And honestly - we can't. The very mode of scientific progress is utilization. Our world is a world of utility and the intrinsic complexity of these utilities, which we inescapably depend on, is ever growing. Alienation is the price to pay for any progress. Now geeks like us gladly pay that price. But not everyone can afford such a privation - and why should they? It's knowledge without any vital importance for them. No one has the capacity to be investigative in all the techniques he daily utilizes. You can't be an expert on everything. Most people ain't experts on computer technology - yet they are culturally impelled to utilize it. Technology creates necessity, but people create technology. Thus taking part in the development of technology is a matter of the highest responsibility. Great scientists always knew about that. Companies like Microsoft obviously do not. So either you have to blame them or, to be fundamental, you have to blame the overall modern scientific mind - but when you do so, you can't point at anyone else, because you are into that mind yourself (well, I don't suppose you're an Indian Yogi, are you?).

This post has been edited by Northpack: Jul 22 2008, 13:23
Lyx
post Jul 22 2008, 13:46
Post #65


QUOTE (Northpack @ Jul 22 2008, 13:59) *
No one has the capacity to be investigative in all the techniques he daily utilizes. You can't be an expert on everything. Most people ain't experts on computer technology - yet they are culturally impelled to utilize it.

This is a popular misunderstanding, caused by a typical western tendency to think in one-dimensional extremes (Boolean XOR). With well designed tools, it is not necessary to be an "expert" to use them powerfully and responsibly. In the case of applications, I don't need to know exactly HOW it works... I just need to understand the overall underlying meanings and relationships associated with them. I.e. knowing the difference between executable code and media. Knowing that whatever I can do, an application can do as well. Understanding basic stuff about trust. Almost no average user understands ANY of those things! I am not saying that only "geeks" should use computers. I am saying that only people who understand the basic overall principles in computing should use computers. Today's average PC user isn't just "not an expert" - he has no fucking clue about anything... he doesn't even know the difference between data stored on the internet, and data stored on his computer! He is simply a slave which obeys commands which the software gives him. He doesn't observe, doesn't think, doesn't understand, doesn't decide... he is a robot executing commands - an application which will do anything which it is told by anyone and anything.... he is literally the most insecure application ever developed!

- Lyx

P.S.: From a wider POV, this isn't just an issue with western scientific mentality. It's related to the mentality of the entire society: People do not want to make decisions - they just want to function by letting others decide for them. In this case, the application - ANY application - decides for the user. Have you ever seen such a user getting into a conflict, by multiple apps giving the user contradictory commands? They do not investigate which is right... they don't even ask themselves "whom can I trust?".... they just panic and ask "what am I supposed to do?".

This post has been edited by Lyx: Jul 22 2008, 14:01
GeSomeone
post Jul 22 2008, 14:39
Post #66


QUOTE (Lyx @ Jul 18 2008, 18:19) *
And no, I have no pity for those "poor noobs".... not because they are noobs, but because they are unwilling to do something about their noobness ...

So how should n00bs educate themselves if the word is not spread about what is dangerous and what not? Your remark has a distinct "Elite" smell.
2Bdecided
post Jul 22 2008, 14:47
Post #67

I'm hardly a "clueless n00b", but until discovering this, I've always let Windows Media Player grab whatever codecs it wants. As something "integrated" into Windows, I assumed it was going to a trusted Microsoft service (just like I assume Windows Update does), and assumed it was more safe than (hypothetically) downloading an unknown obscure media player, which, IME, have often been buggy, bundled with spyware, and sometimes conflicted with other codecs on my system.

Still, the point of this thread is to inform. I'm now informed that this is a threat, and will warn everyone I know.

It's another plus point to archiving to optical media - the trojan could attack back-up mp3 files on a spare HDD when it was connected to sync; it would struggle to attack those burnt to DVD-R. Shame - I've more or less given up on DVD-R for backup, and will now have to consider it again.

Cheers,
David.
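Ojay's point that the trojan rewrites the whole collection (and renames nothing, so a .mp3 keeps its name while its bytes become WMA) and David's worry about synced backups both come down to one defensive question: can you tell, after the fact, which files were touched? The script below is an added example and not code from this thread or from any of the players discussed; it baselines a music folder by SHA-256 and by sniffed container type (the standard 16-byte ASF Header Object GUID versus an ID3 tag or MPEG frame sync), then reports files whose content changed from MPEG audio to ASF. File names, the sample bytes and the `demo()` scenario are constructed for illustration.

```python
import hashlib
import json
import sys
import tempfile
from pathlib import Path

AUDIO_EXTS = {".mp2", ".mp3", ".wma"}   # the thread reports .mp2/.mp3 rewritten as WMA
# Standard ASF Header Object GUID: the first 16 bytes of every ASF/WMA file.
ASF_HEADER_GUID = bytes.fromhex("3026B2758E66CF11A6D900AA0062CE6C")


def sniff_container(head: bytes) -> str:
    """Classify a file by its leading bytes, not by its extension."""
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    if head.startswith(b"ID3"):                       # MP3/MP2 with an ID3v2 tag
        return "mpeg-audio"
    if len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0:
        return "mpeg-audio"                           # bare MPEG frame sync (11 set bits)
    return "unknown"


def fingerprint(path: Path) -> dict:
    """SHA-256 plus sniffed container type for one file."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        head = f.read(16)
        digest.update(head)
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "container": sniff_container(head)}


def build_baseline(root: Path) -> dict:
    """Inventory every audio file under root, keyed by relative path."""
    return {
        str(p.relative_to(root)): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in AUDIO_EXTS
    }


def compare(baseline: dict, current: dict) -> list:
    """Return (relative_path, finding) pairs. An MPEG file that became ASF under
    the same name is the pattern this trojan leaves and is reported separately."""
    findings = []
    for rel, cur in current.items():
        old = baseline.get(rel)
        if old is None:
            findings.append((rel, "new file"))
        elif cur["sha256"] != old["sha256"]:
            if cur["container"] == "asf" and old["container"] != "asf":
                findings.append((rel, "container changed to ASF/WMA"))
            else:
                findings.append((rel, "content changed"))
    for rel in sorted(baseline.keys() - current.keys()):
        findings.append((rel, "missing"))
    return findings


def extension_mismatches(inventory: dict) -> list:
    """Usable without a baseline: files named .mp2/.mp3 whose bytes are ASF."""
    return [rel for rel, fp in inventory.items()
            if rel.lower().endswith((".mp2", ".mp3")) and fp["container"] == "asf"]


def demo() -> list:
    """Constructed scenario (not real files): baseline a tiny library, then
    overwrite one .mp3 with ASF bytes under the same name, as the trojan does."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.mp3").write_bytes(b"ID3" + b"\x00" * 64)
        (root / "b.mp3").write_bytes(b"\xff\xfb" + b"\x00" * 64)
        before = build_baseline(root)
        (root / "a.mp3").write_bytes(ASF_HEADER_GUID + b"\x00" * 64)
        return compare(before, build_baseline(root))


if __name__ == "__main__":
    # usage: audio_inventory.py baseline|check <music dir> <baseline.json>
    mode, root, store = sys.argv[1], Path(sys.argv[2]), Path(sys.argv[3])
    inv = build_baseline(root)
    if mode == "baseline":
        store.write_text(json.dumps(inv, indent=1))
    else:
        for rel, why in compare(json.loads(store.read_text()), inv):
            print(f"{why}: {rel}")
```

Keep the baseline file on media the player never writes to (a burnt DVD-R, as David suggests, or a host the music folder is not synced to); a baseline sitting next to the collection can be rewritten along with it.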
washu
post Jul 22 2008, 14:56
Post #68


QUOTE (2Bdecided @ Jul 22 2008, 09:47) *
I'm hardly a "clueless n00b", but until discovering this, I've always let Windows Media Player grab whatever codecs it wants. As something "integrated" into Windows, I assumed it was going to a trusted Microsoft service (just like I assume Windows Update does), and assumed it was more safe than (hypothetically) downloading an unknown obscure media player, which, IME, have often been buggy, bundled with spyware, and sometimes conflicted with other codecs on my system.


As far as I'm aware, Windows Media Player can only grab codecs from an approved Microsoft site. It cannot get codecs from any site directly. What this trojan does is instruct WMP to open a web browser to the download site. One more step, but an important distinction.
Lyx
post Jul 22 2008, 15:39
Post #69


QUOTE (GeSomeone @ Jul 22 2008, 15:39) *
QUOTE (Lyx @ Jul 18 2008, 18:19) *

And no, I have no pity for those "poor noobs".... not because they are noobs, but because they are unwilling to do something about their noobness ...

So how should n00bs educate themselves if the word is not spread about what is dangerous and what not? Your remark has a distinct "Elite" smell.

"Not spreading a specific kind of info on THIS platform" != "Not spreading a specific kind of info on ANY platform"

I don't care how sentences "smell" to you. You are responsible for your interpretations.
Lyx
post Jul 22 2008, 16:10
Post #70


QUOTE
I'm hardly a "clueless n00b", but until discovering this, I've always let Windows Media Player grab whatever codecs it wants. As something "integrated" into Windows, I assumed it was going to a trusted Microsoft service (just like I assume Windows Update does), and assumed it was more safe than (hypothetically) downloading an unknown obscure media player, which, IME, have often been buggy, bundled with spyware, and sometimes conflicted with other codecs on my system.

Ignoring the validity of those statements, there's a useful implied question in this: What to do about this - what are the alternatives?

For videos, I'd say there are at least two apps which are significantly more trustworthy than WMP and which aren't too complicated to use. Both however are not "eye-candy" (no skinned interface).

The first, most obvious choice is "Media Player Classic". It uses the codecs on the system and from my experience does not execute active scriptcode in mediafiles. Its interface is also quite easy to use (easier than WMP, I'd say) - but it does not automatically download codecs, nor does it do that manually. It, by the way, is also capable of playing quicktime and real mediafiles, if you have "quicktime alternative" and "real alternative" installed - though, in my experience the support for those two mediatypes doesn't feel stable (feels like lots of wrapper-hacks).

The second - and in my opinion most interesting - alternative is SMPlayer. This is a rather clean and simple frontend to mplayer. The interface is also quite similar to Media Player Classic. Most settings are also easily accessible. And the best part: it is not dependent on system codecs! It uses its own codecs which - if you add the full package - can play almost everything, INCLUDING quicktime and real stuff! Because of this, there also are no codec conflicts, and you will never need to download codecs (at least not for trustworthy mediafiles). This is a simple and clean mediaplayer which can truly completely replace all other video-mediaplayers on your system. Its two most obvious flaws currently are: if a video crashes, then only the frontend will terminate, leaving a zombie mplayer-process running which needs to be killed via taskmanager. The second main downside is that if you want widescreen stretching of videos (thus, ignoring aspect ratio) then this cannot be done comfortably - you need to add certain switches to the "mplayer commandline options" in the preferences.
2Bdecided
post Jul 22 2008, 16:30
Post #71

I use VLC. I'm not a fan of it, it's just the least bad thing I've found.

FWIW I just tried SMPlayer - it can't deinterlace HDV in real time on my PC (VLC, not known for being fast, can do this easily). It can't play back DV AVI files at all - it just crashes (this must be some obscure bug/interaction because I can't imagine them releasing it with broken DV AVI support knowingly, but everything else on my system can play them!). SMplayer is fine with WMV though - better than VLC (on my system).

I'm not saying Windows Media Player is "better" than what you've suggested - but my experience illustrates (and confirms!) that finding something "better" can turn into a wild goose chase.

(I already have MediaPlayerClassic and use it for DV at home - it respects DV AVI aspect ratios, which not many other programs do).

Cheers,
David.

This post has been edited by 2Bdecided: Jul 22 2008, 16:33
j7n
post Jul 22 2008, 16:36
Post #72

Actually Media Player Classic also has its own codecs for most formats. Each decoder can be enabled independently.

However, MPlayer is the only program that will play Windows Media formats satisfactorily (apart from Windows itself).
JunkieXL
post Jul 22 2008, 17:50
Post #73

Windows Media Classic works well. I would recommend you install ffdshow if you plan on using it though... You can use this one simple application to decode just about any media type; both audio and A/V as well as many other very useful features. I'd recommend everyone check it out.

Sourceforge: ffdshow
JXL

edit: corrected some typos

This post has been edited by JunkieXL: Jul 22 2008, 17:52
2Bdecided
post Jul 22 2008, 18:24
Post #74

IME relying on ffdshow for "decoding just about any media type" is hardly a crash-free experience. Maybe I'm unlucky!

Cheers,
David.

This post has been edited by 2Bdecided: Jul 22 2008, 18:25
JunkieXL
post Jul 22 2008, 19:25
Post #75

I use it primarily for h.264 A/V media in conjunction with the modified windows media classic player and it has always worked well for me.
JXL