The well-known Kaspersky Labs reported that it has been detected a malicious program that infects the WMA audio files with the purpose to install a Trojan that will offer to a cybercriminal the control over the user’s computer.

The worm, which was named Worm.Win32.GetCodec.a, will convert the MP3 files to the WMA (Windows Media Audio) audio format without changing the .mp3 file extension. Then it will add a marker with a link to an infected web page to the converted files. This marker will be automatically activated during the audio file playback, opening an infected page in Internet Explorer. The user will be asked to download and install a file which, according to the website, should be nothing but a harmless codec. If the user agrees to download and install that file, the Trojan known as Trojan-Proxy.Win32.Agent.arp will be downloaded to the computer, offering to the cybercriminals the control of the victim computer.

The difference between the earlier Trojans and this recently detected worm is that this last one actually infects the audio files, while the earlier Trojans were only using the WMA format to mask their presence on the system (i.e., the infected objects were not music files). According to the Kaspersky Lab virus analysts, this is the first such case.

What’s really worrying is that a successful attack is quite likely, as most of the users tend to trust their audio files and will not associate them with any potential infections.

Happily, immediately after the Worm.Win32.GetCodec.a was detected, its signatures were added to the Kaspersky Lab’s antivirus databases.

Source: Kaspersky Lab News

This entry was posted on Monday, July 28th, 2008 at 11:28 pm and is filed under IT News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.