9 replies to this topic

[YoKenny]

Quote

Consider the Source, Not Just the File Type

An uptick in malware that infects music files being traded on popular peer-to-peer (P2P) file-sharing networks should give Windows users pause about downloading songs from unknown sources.

Symantec is reporting a spike in the number of audio files infected with what it calls Trojan.Brisv.A (detected as Worm.Win32.GetCodec.a by other antivirus vendors). The malicious software resides in otherwise innocuous-looking music Windows Media Audio (.wma) files that, when opened, changes all .mp3 and .mp3 files on a host system to Windows Media Audio (.wma) format.

http://voices.washingtonpost.com/securityf...not_just_t.html

[kmillerusaf]

Yeah it sucks that you can't trust p2p files as much as you could in the past but so many people download mp3s that they are prime targets for malware.

Keith

[Andavari]

Removing all the tags will get rid of many issues.

[kmillerusaf]

The tags that contain the song's information? Is that where they store the malicious code?

[Corona]

Where are these tags? How would you access/delete them?

[Andavari]

Delete them with MP3tag, etc.

[kmillerusaf]

Corona, on Feb 17 2009, 03:26 PM, said:

Where are these tags? How would you access/delete them?

Winamp/Windows Media Player usually are able to access the mp3 tags... They contain info about the song that displays it to the player... Like song name, artist, album, genre, etc... Usually a right click and go to properties/info inside the program will allow you to view these tags.

Andavari, on Feb 17 2009, 03:38 PM, said:

Delete them with MP3tag, etc.

Thanks Andavari for the link... It was never confirmed though, is it here where malicious code is stored?

[Andavari]

kmillerusaf, on Feb 17 2009, 04:35 PM, said:

Thanks Andavari for the link... It was never confirmed though, is it here where malicious code is stored?

In the past it was the ID3v2 tag where people would hide the nasties. Of course nowadays people also use other tags too like APEv2, and Lyrics3 (which MP3Tag can remove, don't know about WinAmp and WMP removing those and I'd think they can't out of the box) so who knows for sure but anything that can store non-music data inside of MPEG data I'd suspect could have something wrapped up inside of it. I've personally never come across any infected MP3s, etc., however I knew years before that it was possible. It's worth malware scanning everything that's downloaded that includes any music and videos too.

[kmillerusaf]

I've come across a few mp3s that were infected and felt so lucky that I scan everything before I open/play them. I am pretty sure out of the box, Winamp and WMP can edit the tags...

[Corona]

Thanks Andavari! I downloaded MP3tag and am taking a look at it now.