Security researchers at Panda Software have detected two new exploits, Trj/WmvDownloader.A and Trj/WmvDownloader.B, in video files circulating on peer-to-peer networks.
When users try to play these spyware-laden files, WMP’s new anti-piracy technology looks for a valid license. If the license is not stored on the computer, unsuspecting users are redirected to a website that contains misleading messages intended to dupe users into installing large quantities of unwanted software.
Users with all the latest updates of Windows XP Service Pack 2 plus Windows Media Player 10 won't get these pop-ups. But users with older software are susceptible to massive contamination.
In a recent test, Harvard University student Ben Edelman followed the misleading prompts. The infection added 58 folders, 786 files and 11,915 registry entries to his previously unused test computer. Edelman says none of the programs showed him a license agreement, nor had he consented to their installation on his computer.
Although the exploits have been detected in video files on P2P networks such as Kazaa or eMule, Panda warns that these files also can be distributed via email, FTP or other Internet download avenues.
