(TheForceField.Net ) July 22, 2008 — Reports are circulating on the net of a new malware threat that infects MP3 files. Dubbed Worm.Win32.GetCodec.a by Kaspersky Lab, the worm is apparently spread through P2P networks.
According to Kaspersky Lab, the worm converts the MP3 file to a WMA file but does not alter the .mp3 file extension. When a user plays the file, it opens a malicious web site in Internet Explorer that requests the user download and install what it claims is a codec, but is actually malware. The page, says Kaspersky, "is digitally signed by Inter Technologies." If the user downloads the phony codec, a trojan is installed that allows hackers to take control of the PC.
Although the threat of downloading malware disguised as codecs is not a new idea, this is the first time audio files have been infected, says Kaspersky. While some knowledgable users will be wise to the codec ploy, many will be fooled because most users trust the integrity of their MP3 files.
A bulletin released by Kaspersky July 16 says that the malware signature has been lncluded in their virus database