InstantForum.NET v4.1.4Tweaks.com Forum http://forum.tweaks.com/forum/forum@tweaks.comThu, 20 Nov 2008 12:10:40 GMT20http://forum.tweaks.com/forum/Topic238731-59-1.aspx[quote]Recently one of our readers, Doug, sent us an ASF file that does something interesting: when you open it in Windows Media Player, it will immediately launch Internet Explorer which will then prompt you to download an executable file.<br><br>As I don't see this every day, I went to investigate this a bit further. According to Microsoft, the ASF file format (and possibly other formats) allows creation of a script stream. The script stream can use certain, simple, script commands in Windows Media Player. This information is available at http://msdn2.microsoft.com/en-us/library/aa390699(VS.85).aspx<br><br>Now, the malicious ASF file we received opened Internet Explorer with the URL pointing to hxxp://www. fastmp3player.com/affiliates/772465/1/?embedded=false. This web site had a further 302 redirect to hxxp://www. fastmp3player.com/affiliates/772465/1/PLAY_MP3.exe (both links are still working), which is some adware and is reasonably detected by 20 out of 32 AV programs on VirusTotal...[/quote]<br><A href="http://isc.sans.org/diary.html?storyid=4355">isc.sans.org</A>Wed, 30 Apr 2008 07:27:19 GMTquietman7