tech|sphere

anything and everything that interests me…

Archive for the ‘Internet’ Category

My favorite browser just keeps getting better… Happy Birthday, Chrome!

A picture is worth a thousand words…

[Chrome3stableV8.PNG]

Check this out for more details on the new version.

Written by Waqar Aziz

September 16, 2009 at 1:59 pm

Why are unverified torrents unsafe?

Many torrent distribution and search websites (such as mininova.org and torrentz.com) mark some of their torrents as “verified” (hint: a green check mark). By definition, a verified torrent is one that comes from a trusted source sharing legitimate files. Note that only torrents from known groups are marked as verified, not all torrents.

As most users know, you can check the contents of a torrent when you open it in a BitTorrent client. However, what many people don’t realize is that even if the torrent contains only a single video file (a 700 MB movie file if you are downloading a standard DVDrip movie) and no executables, you are still potentially at risk! The video, if opened in Windows Media Player, can redirect the user to an arbitrary site and download a trojan onto the computer. Here is how it works:

1. The user downloads a movie file (.avi) using BitTorrent.

2. The user opens it in some media player (let’s say VLC). The video usually displays the message “Use Windows Media Player” and does not play any video content.

3. That message would probably make only a computer techie suspicious. Most users will simply open the file the way it says, i.e. with Windows Media Player, without giving it a second thought. Let’s assume the user opens it with Windows Media Player. And that’s basically it: the user is trapped.

4. The file exploits Windows Media Player’s security loophole, opens an illegitimate website (wmvlicense.com in my test case) in the default browser and pretends that it is downloading the corresponding license to play the video file. The website asks the user to download a codec upgrade/installation file (if it doesn’t start the download automatically), and that file actually turns out to be a Trojan!

How does it exploit Windows Media Player’s weakness?

Normally when a user tries to play a protected Windows media file, and a valid license is not stored on a computer, the application will look for it on the internet, so that the user can buy access to copyright-protected content. This new technology is incorporated in the latest Windows Media Player 10 update as well as XP SP2.

If the user runs a video file that is infected by one of the “DRM Trojans”, they pretend to download the corresponding license from the net. In reality users are redirected to sites that take advantage of Windows vulnerabilities to download spyware, adware, premium-rate diallers and other viruses onto victim’s machines.

source: http://www.theregister.co.uk/2005/01/13/drm_trojan/
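A defender can check a downloaded file before any player opens it. The following is an added example, not code from this post or from The Register: it assumes the disguised “.avi” is really an ASF (Windows Media) container whose Content Encryption Object carries the license URL, as laid out in the public ASF specification. The names `inspect_media` and `sample_header` and the URL in the sample are hypothetical.

```python
import struct
import uuid

# Object GUIDs from the public ASF (Windows Media container) specification.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le
EXTENSIONS = {"avi": (".avi",), "asf": (".asf", ".wmv", ".wma")}

def _field(buf, pos):
    """Read one field prefixed by a 32-bit length; return (value, next_pos)."""
    (n,) = struct.unpack_from("<I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("field runs past the end of the object")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def inspect_media(name, data):
    """Report the real container, a name/content mismatch and any DRM license URL."""
    report = {"container": "unknown", "mismatch": False, "license_url": None}
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        report["container"] = "avi"
    elif data[:16] == ASF_HEADER and len(data) >= 30:
        report["container"] = "asf"
    else:
        return report
    report["mismatch"] = not name.lower().endswith(EXTENSIONS[report["container"]])
    if report["container"] == "avi":
        return report
    (size,) = struct.unpack_from("<Q", data, 16)
    pos, end = 30, min(size, len(data))
    while pos + 24 <= end:  # walk the objects inside the ASF header
        (obj_size,) = struct.unpack_from("<Q", data, pos + 16)
        if obj_size < 24 or pos + obj_size > end:
            break  # malformed size: stop rather than read out of bounds
        if data[pos:pos + 16] == CONTENT_ENCRYPTION:
            body, p = data[pos + 24:pos + obj_size], 0
            try:
                for _ in range(3):  # skip secret data, protection type, key ID
                    _skipped, p = _field(body, p)
                url, _end = _field(body, p)
                report["license_url"] = url.rstrip(b"\0").decode("ascii", "replace")
            except (ValueError, struct.error):
                pass  # truncated object: report no URL
        pos += obj_size
    return report

def sample_header(url=b"http://license.example.invalid/get\0"):
    """Constructed, header-only sample (no media data); the URL is a placeholder."""
    body = b"".join(struct.pack("<I", len(v)) + v for v in (b"\0" * 4, b"DRM\0", b"KEYID\0", url))
    enc = CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(enc), 1, 1, 2) + enc
```

A file whose report shows `mismatch` set together with a `license_url` on an unfamiliar domain matches the pattern described above and should not be opened in a player that performs license acquisition.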

The illegitimate website (that I was redirected to in my experiment) branded itself as a Microsoft website and even had the usual blue theme used by microsoft.com. However, I found out that the website actually used PHP and not ASP.NET – and that was fishy enough for me not to download the file; McAfee Site Advisor confirmed it here.

My software development background helped me uncover the mini-monster, but everyday users can seek help from the McAfee Site Advisor service before downloading anything in tricky situations. McAfee and other anti-virus companies maintain lists of websites and mark them as bad if they host spyware, viruses, trojans, etc. Downloading McAfee’s in-browser toolbar or checking a website’s legitimacy online might help a few, if not many.

Safe surfing/downloading!

The Trojans have been detected in video files with extremely variable names circulating across P2P networks such as KaZaA or eMule. File traders beware.

Written by Waqar Aziz

September 13, 2009 at 12:23 am
