Don’t use cracked/pirated software! These are easy avenues for introducing malware into, or exploiting weaknesses in, a system. This also includes the illegal P2P (peer-to-peer) distribution of copyrighted audio and video files: some of these are counterfeited or modified so that they can be used directly in the malware distribution process.
Even if a utility seems to come from a trusted and trustworthy source rather than Mrs. Miggins’ Warez Emporium, it pays to verify as best you can that it’s genuine.
Win32/GetCodec.A, of which there’s an awful around, is a type of malware that modifies media files. This Trojan converts all audio files found on a computer to the WMA format and adds a field to the header that includes a URL pointing the user to malicious content, claiming that the fake “codec” has to be downloaded so that the media file can be read.
WMA/TrojanDownloader.GetCodec.Gen is a downloader which facilitates infection by GetCodec variants like Win32/GetCodec.A.
I may not be able to blog for a few days, as I’ll have intermittent connectivity, but the other guys will still be putting stuff up as time allows. When I get back, I’ll probably be looking at some other material from the 2008 report.
David Harley BA CISSP FBCS CITP
Author David Harley, ESET