Asking for help again
While we still wonder which is the latest vulnerability in our operating systems that can allow the attackers to own them, some real hackers are trying easier ways to obtain access to the John Doe's systems. And there is no easier method than asking for help through social engineering. When the target himself installs the malicious software into his system, it is very likely that the results are excellent for the attacker.
This method has been used several times before, sometimes using infected versions of legit software and sometimes with the bare malicious software (and some promise of a better life attached to it). The later method (more or less) is the one used by the 3wplayer.
Although some information is available, today only 3 out of the 32 anti-virus engines (F-Secure, Ikarus & Rising) available through VirusTotal are able to detect malware in the latest version of 3wplayer (3wPlayer-1.5.0.0-setup-0601.exe). However, for the security concerned, it is quite suspicious the way it tries to get users to install the software.
I have received several reports of people downloading contents from P2P networks that when trying to play the downloaded avi with "impossibly cool" content, they only get a short message claiming that the file cannot be played with media player and that it needs 3wplayer that is available through their website (not included here to avoid stupid mistakes).
While I don't support the share of copyrighted content, I still believe that people should be aware that most media players are able to extend their format support by using the required codecs, and that it is quite unusual to try to compete against the most popular mediaplayers without selling (or even giving for free) some product to encode content in their format, so people are able to create enough content to really push the demand for the player.
Have a safe P2P experience!
This method has been used several times before, sometimes using infected versions of legit software and sometimes with the bare malicious software (and some promise of a better life attached to it). The later method (more or less) is the one used by the 3wplayer.
Although some information is available, today only 3 out of the 32 anti-virus engines (F-Secure, Ikarus & Rising) available through VirusTotal are able to detect malware in the latest version of 3wplayer (3wPlayer-1.5.0.0-setup-0601.exe). However, for the security concerned, it is quite suspicious the way it tries to get users to install the software.
I have received several reports of people downloading contents from P2P networks that when trying to play the downloaded avi with "impossibly cool" content, they only get a short message claiming that the file cannot be played with media player and that it needs 3wplayer that is available through their website (not included here to avoid stupid mistakes).
While I don't support the share of copyrighted content, I still believe that people should be aware that most media players are able to extend their format support by using the required codecs, and that it is quite unusual to try to compete against the most popular mediaplayers without selling (or even giving for free) some product to encode content in their format, so people are able to create enough content to really push the demand for the player.
Have a safe P2P experience!
Labels: Social Eng
posted by Jorge Ortiz at 12:53 AM
3 Comments:
I have to say... the most encoded avi is... porn content! If you want to use social engeenering tactics, use the best! This is the lesson... :)
For the one that cares, the link above in wikipedia points to a free converter, so... don't lose the content! ^_^
I fully agree with your point on porn. It is porn content the one that is most used for social engineering, like the one that asks the user to call to an expensive toll phone number while browsing the site...
Sorry, about missing the converter. However, I have reread the article and the only reference that I still found is "No converter will help." Maybe different versions of the article :-( If you could, please, include the reference to the converter for other readers, I would appreciate. Thanks
yep! for "don't lose the content", by the converter, i ment... porn! ^_^
You may not believe me, but yesterday wikipedia shows the link... today there is a skull :)
After a quick look in my cronology, I found:
http://www.topdownloads.net/index/software/view.php?id=121109
http://www.megaleecher.net/3wPlayer_Malware_Infected_Torrent_Spreading
Good day and keep the good work!
Post a Comment
<< Home