Don't Risk your PC

Recently I read a very interesting article on PC World on risk associated with downloading music, videos on your PC.

Think you're downloading a new music songs, video? Watch out--that file may be stuffed with pop-ups and adware.

PC World has learned that some Windows Media files on peer-to-peer networks such as Kazaa contain code that can spawn a string of pop-up ads and install adware. They look just like regular songs or short videos in Windows Media format, but launch ads instead of media clips. Ads and adware have a new way to get on your computer--through files that appear to be music and video.

The ads in Overpeer's disguised media files may annoy some users. But malicious agents such as hackers and thieves could exploit the DRM loophole to do far worse. Security experts fear that, for example, criminals could load their own modified media files with keystroke loggers or other software for taking over your PC, and thus steal your passwords or other sensitive information.

According to Microsoft's Caulton, "It's possible that someone could modify [an existing audio] file after it's created to point back to their http server." If that's the case, virus and malware writers would gain a powerful platform for launching their attacks.

Writing the code to infect computers is the easy part, according to Johannes B. Ullrich, the chief technical officer for the SANS Institute's Internet Storm Center, a computer security watchdog group. "With a lot of these Internet Explorer exploits, the big question is how to get people to visit [the site that executes that code]," he says.

Hacked audio files could provide the perfect incentive. The songs we found gave no warning before launching their string of pop-ups, and before being played they gave little or no indication that they were anything but normal WMA files.