Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

MS Trojans just keep on getting sillier

  • 15-12-2000 07:38PM
    #1
    Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭


    The Short version: .ASX files, which are streaming media files that play in Windows Media Player, can transmit Virus / Trojan horse programs.
    <font face="Verdana, Arial" size="2">
    ========================================================
    BRIAN LIVINGSTON: "Window Manager" InfoWorld.com
    ========================================================

    Monday, December 11, 2000

    THAT SOUND YOU HEAR MAY BE MEDIA PLAYER INTRODUCING A
    VIRUS INTO YOUR COMPUTER

    JUST WHEN YOU thought it was safe to play music on your
    PC, a new virus threat has emerged. This one runs
    secretly when you play what you thought was an ordinary
    Windows Media Player file or when you visit a Web site
    that plays the file automatically.

    New viruses, of course, appear every day. But this one
    is different. The Media Player file that makes this
    threat possible -- known as an ASX or Active Stream
    Redirector file -- isn't an executable program. It's
    supposedly just data. What's next? Plain-text files
    that introduce a virus to your PC when you open the
    text in Notepad? Nothing would surprise me anymore,
    although I don't think anyone's found a way to
    compromise Notepad yet.

    But the weakness in Media Player illustrates the kinds
    of problems that arise from Microsoft's insistence on
    bundling more and more applications into Windows.

    I wrote in my Sept. 11 column ("Windows Me, You Jane:
    How do you tame the new 800-pound gorilla from
    Microsoft?") that Microsoft had bundled Media Player 7
    into Windows Me in such a way that the player could not
    be easily uninstalled. Presumably, the Redmond, Wash.,
    company did this to wipe out competing players from
    Real Networks and others.

    I demonstrated how to remove Media Player and other
    flotsam from Windows Me and Windows 98, using Win98
    Lite (see http://www.98lite.net/products.html). But most
    people will never perform this kind of surgery on their
    operating system. So we're left with a new security
    flaw to guard against.

    The ASX virus threat occurs because versions 6.4 and
    7.0 of Media Player don't prevent an ASX file from
    running hidden executable code. This code can install
    and run any software it wishes on your machine. This
    software, in turn, can do anything you have the
    privileges to do, according to a bulletin from
    Watchguard Technologies (http://www.watchguard.com).
    This includes sending e-mail and modifying or deleting
    any files you can access. If you have privileges on a
    network, the virus can access those files too.

    Ordinarily, an ASX file doesn't contain any streaming
    media. Instead, it's used to point to a location on an
    intranet or Internet site from which media files are
    run.

    But this doesn't make things any less dangerous. An
    ASX file can be run automatically when you visit a
    Web page. A malicious Web site operator might use it
    to plant a Trojan horse on as many PCs as possible in
    order to gain access to confidential information.

    An ASX file can also run automatically in an e-mail
    message you receive. As we've seen from the Melissa
    virus and others, a harmful e-mail can easily be made
    to look like a message from a trusted friend.

    Once upon a time, a virus could infect your PC via
    e-mail only if you opened a malicious attachment. And,
    like any data file, an ASX file can in fact be sent to
    you as an attachment.

    However, as I've written before, viruses can now run
    without you opening an attachment. The default settings
    of Microsoft Outlook and Outlook Express automatically
    run harmful code in HTML e-mail you receive. Simply
    viewing an HTML message in these and some other e-mail
    applications can open a browser window. This, in turn,
    executes an ASX file on your PC.

    I explained in my Dec. 27, 1999, column ("'Moles' are
    one thing, but malicious e-mails are an even worse
    form of Web abuse,") how you can disable "mobile code"
    from running in your e-mail and your browser. The
    procedure restricts programs using ActiveX and Java
    from executing without your knowledge.

    Fortunately, Microsoft has released patches that fix
    the ASX problem. (They also guard against, of all
    things, graphical overlays called "skins" that have
    been hacked to carry viruses.)

    The patches and a FAQ that explains the problem in more
    detail are available at
    http://www.microsoft.com/technet/security/bulletin/MS00-090.asp

    Another interesting view of this problem is available
    from Ollie Whitehouse, who reported the issue to
    Microsoft. He provides sample code that illustrates
    the security flaw using Windows 2000 with Service
    Pack 1 as an example. (Go to
    http://www.securityfocus.com/archive/1/146639.)

    The biggest issue, of course, is when Microsoft will
    require outside security audits before releasing new
    products. The ASX virus flaw is the 90th security
    weakness reported on Microsoft's Web site this year
    alone. At some point, even companies that are addicted
    to Microsoft products will say "enough."

    - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    MORE WINDOW MANAGER
    For a complete archive of his InfoWorld columns visit
    http://www.infoworld.com/opinions/morewindowmanager_f.html

    INFOWORLD OPINIONS
    Weekly commentary from the most trusted voices in
    IT at: http://www.infoworld.com/opinions/index.html

    - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    QUOTE OF THE DAY:

    "Paradoxically, the best way to ensure harmony in a
    business partnership is for both parties to remain
    constantly ready for discord."

    --Tom Yager, East Coast technical director of the
    InfoWorld Test Center.

    http://www.infoworld.com/articles/tc/xml/00/12/11/001211tcpartner.xml

    - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    SUBSCRIBE
    To subscribe to any of InfoWorld's e-mail newsletters,
    tell your friends and colleagues to go to:
    http://www.iwsubscribe.com/newsletters/

    To subscribe to InfoWorld.com, or InfoWorld Print,
    or both, go to http://www.iwsubscribe.com

    UNSUBSCRIBE
    If you want to unsubscribe from InfoWorld's Newsletters,
    go to http://iwsubscribe.com/newsletters/unsubscribe/

    CHANGE E-MAIL
    If you want to change the e-mail address where
    you are receiving InfoWorld newsletters, go to
    http://www.iwsubscribe.com/newsletters/adchange/

    - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Copyright 2000 InfoWorld Media Group Inc.


    </font>


Comments

  • Moderators, Music Moderators, Recreation & Hobbies Moderators Posts: 9,391 Mod ✭✭✭✭Lenny


    hmm very very interesting


  • Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    ROFL Oj, you sound so much like you're taking the p!ss there.
    Or maybe I'm just going insane again... hmm.


    SONIC.gif


Advertisement