Trojans in MP3s
Posted by eileenb on May 14, 2008
Oh heck. I need to phone my friend June after her PC became infested with worms and trojans the other week. McAfee have reported that trojans are hiding in MP3 files (there’s a really great and informative blog post on the site by the way).
Her reaction?
No – they wouldn’t download any Girls Aloud songs…
I also tried to explain that as she bought McAfee antivirus with the PC 4 years ago, you still had to pay about £30 each year to get the updated data files and patches. June was puzzled.
“But I don’t need to do that for XP, and I still get the patches from Microsoft,” she said…
Yup – and she’ll still get online support for the product for 10 or more years after its release. Quite a bargain…
But I still feel a format C: coming on…
Arthur said
Hello,
I had a similar question from a friend (just after XP had been launched) who was using Kazaa to download multiple music tracks in the MP3 format, concerning a potential virus.
When I asked him how the machine had become infected, her reply was “I don’t know. I don’t visit dodgy websites, all I do is use the computer to download music and video from this site …”
Having checked the downloads, all appeared to be authentic MP3s and AVI files. However, when I decided to check whether the files had a double extension, I was surprised to find that some of the “authentic MP3s” did hold a double extension in that they were displayed as “song.mp3.vbs or .mp3.exe”; and because the person was signed in with an account that was a member of the Admin group the files automatically executed and infected the machine.
Several hours later, and after watching the network traffic (netstat -aon, netstat -abon .. in Vista you could use netstat -abefnors), and tracking down the connections using another computer it was fairly easy to block the TFTP downloads before I could start clearing the infection.
Guessing that it may be worth downloading a stinger from NIA or NOD32 and then disconnecting the machine, and disabling the screen saver before starting the stinger and then opening a bottle of wine and a packet of rusks – which incidentally helps the brain relax! Then sit back and watch the progress bar …
I guess that being a techie helps here because I knew what I was looking for and could shred those files with the double extensions; but taking a standard novice user it would make life somewhat more difficult ….
Keep smilin’
Arf’s
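The double-extension check described in the comment above can be automated over a downloads folder. This is an added example, not code from the post or its comments; the extension lists and sample file names are assumptions constructed for illustration, and it goes slightly beyond the comment by also catching whitespace padding before the real extension.

```python
import os
import sys

# Extensions a user expects to be inert media (the decoy part of the name).
MEDIA_EXTS = {".mp3", ".avi", ".wma", ".wav", ".mpg", ".wmv"}
# Extensions Windows hands to a loader or script host (assumed list, extend as needed).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
             ".vbs", ".vbe", ".js", ".jse", ".wsf", ".lnk"}

def is_double_extension(filename):
    """True when the final extension is executable and the one before it is media."""
    # Keep only the file name; Windows ignores trailing dots and spaces.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    parts = base.lower().split(".")
    if len(parts) < 3:
        return False  # zero or one extension: nothing is being disguised
    real = "." + parts[-1].strip()
    decoy = "." + parts[-2].strip()  # strip() defeats "song.mp3     .exe" padding
    return real in EXEC_EXTS and decoy in MEDIA_EXTS

def scan(root):
    """Walk a directory tree and return the sorted paths of disguised files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_double_extension(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

# Constructed sample names, used when no directory is given on the command line.
SAMPLE_NAMES = [
    "song.mp3",             # genuine media name
    "song.mp3.vbs",         # script disguised as MP3
    "clip.avi.exe",         # executable disguised as AVI
    "Track 01.MP3    .EXE", # padding pushes the real extension out of view
    "live.2008.mp3",        # dots in the title, still media
    "setup.exe",            # honest executable, not a disguise
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in scan(sys.argv[1]):
            print("SUSPICIOUS:", path)
    else:
        for name in SAMPLE_NAMES:
            print("SUSPICIOUS" if is_double_extension(name) else "ok", repr(name))
```

With Explorer's "Hide extensions for known file types" option enabled, the flagged names display as plain `song.mp3`, which is why the check has to look at the full file name.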