Feb 6, 2006 :: "Spyware tunnels in on Winamp flaw"

[Jason]

Full Article Found Here:
http://www.zdnetasia.com/news/security/0,39044215,39310016,00.htm

Pasted in full (un-altered):

Spyware tunnels in on Winamp flaw
By Joris Evers, CNET News.com
Monday , February 06 2006 11:28 AM

A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software, experts have warned.

Earlier this week, security companies warned that attack code for exploiting the flaw was circulating on the Internet. Last week, Sunbelt Software said it had found a Web site hosting a malicious Winamp playlist file. Opening the file loads spyware onto an unwitting user's PC, it said.

"After surfing to a malicious Web site on our test machines, the file 'x.pls' begins to download," Sunbelt's Adam Thomas wrote in a posting on the anti-spyware software maker's corporate blog. "Almost immediately, Winamp starts to execute the play list and remote code execution begins."

The flaw was disclosed on Monday, when Winamp maker Nullsoft, a division of America Online, released an update to fix it. The company posted version 5.13 of Winamp, while Secunia and other security companies issued alerts about the problem. Secunia rated the issue "extremely critical," its highest rating.

"Not following the recommendation from Nullsoft to upgrade to version 5.13 could result in the extremely nasty CWS Looking-For.Home Search Assistant infection as well as an installation of our good friend SpySheriff," Thomas wrote. Antivirus software is not yet detecting this exploit, he wrote.

Home Search Assistant might monitor a user's activity and send out confidential information to its creator, according to Sunbelt's threat database. SpySheriff will display a false warning that the computer is infected with spyware. It then tries to persuade the user to buy a SpySheriff product, according to Sunbelt.

Distributors of adware and spyware often exploit security vulnerabilities in programs to get their applications onto PCs. Makers of such software often pay distributors per installation of the adware or spyware.

The Winamp problem affects version 5.12 of the media player.  Earlier versions may also be affected..  Late last week, the malicious Web site referred to by Sunbelt, 008k.com, appeared to be offline. The site displayed a message: "Site is closed for abuses."

Check your version now and upgrade if needed to avoid potential issues.

-Jason

[Mark]

It's a good thing I've abandoned Winamp a long time ago (I have an iPod so I'm forced to use iTunes ). However, I must say I started to wonder about there views on security when they started having to patch it left and right when they came out with that album info viewer thing that uses webpages (forgot what it was called already).

[WSA]

I actually like iTunes.  I use it also for my iPod.  The main thing I don't like about iTunes is the fact that you can't burn songs on a disc into MP3 format unless they were imported as an MP3.

[Mark]

Don't get me wrong here, iTunes plays music fine, but it just has problems. Sometimes it locks up (in v6, earlier versions where fine) when I plugin my iPod Photo. I have to close iTunes first, then plug in my iPod, then manually open iTunes (even though I have it set to auto launch when I connect my iPod ). That's the biggest issue I have with it, then there's other small things like that it doesn't auto import album art like Windows Media Player does. Man oh man how I wish it did that.

[Jason]

Well, I just upgraded...I was on 5.12   

[WSA]

i still need to upgrade my itunes.  heck, still need to upgrade my ipod too.

i used to use musicmatch and that was alright but i had to take it off because it would autolaunch from kazaalite when i tried to import songs to itunes.  i would have to apps open.  so i uninstalled mmjb.  i like mmjb also.

[Jason]

I use musicmatch for cd ripping.  Great program.  I did over 200 cds a few years back over a weekend.