Trojan infecting multimedia files
July 9th, 2008
A new trojan has been spotted spreading in the wild, infecting multimedia files on a victim’s hard disk with malicious content. The malware embeds malicious content into multimedia files based on the Advanced Systems Format (ASF), a widely used format for video and audio content such as MP3 and WMA music files, WMV video files and others. When the user tries to play back an infected file, they are fooled into believing that a codec is needed to play the content. A user who downloads the advertised fake codec ends up installing malware instead.
The media file infector can also convert MP2 and MP3 files (MPEG-1) into Windows Media Audio (WMA) files. The malware injects a malicious command into any such ASF files on the victim’s hard disk, causing Windows Media Player to redirect to a malicious resource on the Web (the fake codec).

Once the multimedia file has been played back and the tricked user has run the advertised fake codec, the Windows Media Player pop-ups asking for a codec to install no longer appear, creating the false impression that a codec has been successfully installed.
Of course, this is just the consequence of the malware changing the compromised system’s behavior. By infecting the multimedia files, the attackers promote the spread of their malware through (peer-to-peer) file sharing networks. Users downloading from P2P networks need to exercise caution anyway, but should also be wary of pop-ups that appear when playing a downloaded video or audio stream.

The Secure Anti-Malware Engine generically blocks these infected multimedia files as “Trojan.ASF.Hijacker.gen”.
Author: Anti-Malware Team