From: <janedough250164@dontsendhotmail.com>
| I was just reading that information inherent in a wmv file can execute
| other files (see below). Is there any way to determine if there's code in
| a wmv file before opening it with WM Player or Media Player Classic (or
| another program)?
|
| http://www.geocities.com/ResearchTri.../eng/safe.html
|
>> There is also an issue regarding Windows Media Player, which under some
| environments may allow any media file which is opened by Windows Media
| Player to execute some local files (depending on their extensions, but
| including some executable extensions) as long as the name and path of the
| file are given in that media file. The issue has to do with the ability of
| .wmv files to refer to an Internet address (the accurate term should be URL
| rather than "Internet address"). This address can also be a location of a
| local file in the computer. In such a case, the wmv file can instruct
| Windows Media Player to execute a local executable file, as long as the
| location and name of the file are given in the .wmv file. As you should
| already know, the WMV file may have any extension as long as it is opened
| by Windows Media Player. There is a way to block an exploitation of this
| security hole, and it involves tweaking the registry keys. The instruction
| is relevant to Internet Explorer versions 4 and above. It has to do with
| disabling the "Download unsigned ActiveX controls", in the "My Computer"
| security zone.
>>
>> We shall not give here full explanation, but only comment that this
| activity is done with the help of components from Internet Explorer. The
| needed tweaking is to use a registry editor, and in the following
>> registry key:
>> HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
>> to change the value of the "1004" entry to contain a DWORD value of 3.
>> ("HKCU" stands for HKEY_CURRENT_USER).
As Mike indicated, that is what Anti Virus software is for. If you don't scan all file
types then make sure WMV files are scanned.
Any file can be named anything and can still be used via the registry even if the file
extension is not an executable file. However, you have more to worry about a Wimad Trojan
where the WMV exploits the Windows Media Player DRM to download and install malware. A
tactic the Zango/180Solutions is well known for.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
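
An added example, not part of the posts above: a header scan that answers the original question by checking a file before any player opens it. It assumes the object GUIDs published in the ASF container specification; the function names are hypothetical, and a hit only means the file carries script/URL commands or DRM licence data, not that it is malicious.

```python
import struct
import uuid

# Object GUIDs as published in the ASF container specification (WMV/WMA/ASF).
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
FLAGGED = {
    uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6"): "Script Command Object",
    uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E"): "Content Encryption Object (DRM)",
    uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C"): "Extended Content Encryption Object (DRM)",
}

def scan_asf_header(data: bytes) -> list:
    """Return names of flagged header objects; raise ValueError if not ASF."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        raise ValueError("not an ASF/WMV file, whatever its extension says")
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos, found = 30, []  # 30 = GUID + size + object count + 2 reserved bytes
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated header: stop walking
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24 or pos + size > end:
            break  # malformed object size: stop rather than loop or overrun
        if guid in FLAGGED:
            found.append(FLAGGED[guid])
        pos += size
    return found

def build_sample(guids) -> bytes:
    """Constructed test input: an ASF header holding one 8-byte object per GUID."""
    body = b"".join(g.bytes_le + struct.pack("<Q", 32) + b"\x00" * 8 for g in guids)
    head = struct.pack("<QIBB", 30 + len(body), len(guids), 1, 2)
    return ASF_HEADER.bytes_le + head + body

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(scan_asf_header(f.read(1 << 20)) or "no flagged header objects")
```

Because the check keys on the container signature and not the file name, it also covers the renamed-extension case raised in the thread.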

