Beware of streams bearing gifts

Hackers are now using ASF (Advanced System Format) to trick PC users into installing malicious software. If you’re not familiar with ASF, it’s a Microsoft-defined container format for media streams that contain additional content like links to websites and images. You don’t see it around quite as much these days (most sites use FLV or some such these days) but it’s still out there. Click below for more info on how these villains are spiking the venerable format.

The hackers use an ASF to send the user to a website to download a codec when the file is played (as if that ever works). Of course, the codec is really a trojan. This kind of trickery has been going on for years, so savvy computer users may be able to catch this one before they install it.

Once installed, the Trojan horse installs a proxy on the computer for Hackers to route traffic though. This is handy for them, since it helps them hide their tracks when doing evil things. The Trojan also acts like a worm and wraps all MP3 files on the infected machine with the same nasty ASF trickery.

Secure Computing had this advice to offer, “Users downloading from P2P networks need to exercise caution anyway, but should also be sensitive to pop-ups appearing upon playing a downloaded video or audio stream.”