Traditionally, mass-mailing viruses are spread as attachments. When a user opens the infected attachment, it executes a piece of code that usually attempts to steal the user's address book, email all it’s members, and often opens a back door to give hackers easy access to the system's resources.
There is now There are trojans such as Trj/WmvDownloader.A and Trj/WmvDownloader.B, are spreading through P2P networks hidden in video files. These trojans take advantage of technology incorporated in Microsoft Windows Media player called Windows Media Digital Rights Management (DRM), designed to protect the intellectual property rights of multimedia content. Windows Media Player specifically uses Windows Media DRM.
When a user tries to play a protected Windows media file, this technology demands a valid license. If the license is not stored on the computer, the application will look for it on the internet, so that the user can acquire it directly or buy it. This technology is incorporated through the Windows XP Service Pack 2 + Windows Media Player 10 update, so most desktop PCs have this.
The video files infected by these Trojans have a .wmv extension and are protected by licenses, supposedly issued by the companies overpeer (for Trj/WmvDownloader.A), or protectedmedia (for Trj/WmvDownloader.B).
If the user runs a video file that is infected by one of these Trojans, the files pretend to download the corresponding license. However, what they actually do is redirect the user to other internet addresses from which they download adware, spyware, dialers (applications that dial-up high rate toll numbers) and viruses.
Also potentially, files named as mp3s could be potentially have extra extensions that the normal user can’t see. For example:
A safe way to handle these files is to go to Windows Media Player and use the menu option File…Open, to open the file directly, instead of double clicking on a file. Double clicking on a file tells Windows to try to open it based on the final extension:
This example, would be executed as a program, which could be a virus, and certainly isn’t an MP3.
If you are suspecting an infection, or have any questions, Please contact us.