Scripts in ASF files
 
Posted 4/30/2008 7:27 AM


Forum Moderator

Recently one of our readers, Doug, sent us an ASF file that does something interesting: when you open it in Windows Media Player, it will immediately launch Internet Explorer which will then prompt you to download an executable file.

As I don't see this every day, I went to investigate this a bit further. According to Microsoft, the ASF file format (and possibly other formats) allows creation of a script stream. The script stream can use certain, simple, script commands in Windows Media Player. This information is available at http://msdn2.microsoft.com/en-us/library/aa390699(VS.85).aspx

Now, the malicious ASF file we received opened Internet Explorer with the URL pointing to hxxp://www. fastmp3player.com/affiliates/772465/1/?embedded=false. This web site had a further 302 redirect to hxxp://www. fastmp3player.com/affiliates/772465/1/PLAY_MP3.exe (both links are still working), which is some adware and is reasonably detected by 20 out of 32 AV programs on VirusTotal...

isc.sans.org


__________________________________________

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"





Microsoft MVP - Windows Security
Post #238731
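
Added example, not part of the original post or the quoted ISC diary: a small Python parser that lists the script commands stored in an ASF header, so URL-type commands like the one described above can be flagged before a file is opened in a player. The GUIDs and field layout follow Microsoft's ASF specification; `make_sample` and its placeholder URL are constructed test input, not a playable file.

```python
import struct, uuid

# Object GUIDs from Microsoft's ASF specification; the layout below follows that spec.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C")
SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6")

def _wstr(buf, off):  # WORD character count, then that many UTF-16LE characters
    (n,) = struct.unpack_from("<H", buf, off)
    end = off + 2 + 2 * n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 2:end].decode("utf-16-le", "replace").rstrip("\x00"), end

def _parse_script_object(body):
    n_cmds, n_types = struct.unpack_from("<HH", body, 16)  # after 16-byte reserved GUID
    off, types, cmds = 20, [], []
    for _ in range(n_types):
        name, off = _wstr(body, off)
        types.append(name)
    for _ in range(n_cmds):
        time_ms, idx = struct.unpack_from("<IH", body, off)
        value, off = _wstr(body, off + 6)
        cmds.append((time_ms, types[idx] if idx < len(types) else "?", value))
    return cmds

def script_commands(data):
    """Return [(time_ms, type, value)] for every script command in an ASF header."""
    if len(data) < 30 or uuid.UUID(bytes_le=data[:16]) != ASF_HEADER:
        raise ValueError("not an ASF file")
    (count,) = struct.unpack_from("<I", data, 24)
    off, out = 30, []          # header: GUID, QWORD size, DWORD count, 2 reserved bytes
    for _ in range(count):
        size = struct.unpack_from("<Q", data, off + 16)[0] if off + 24 <= len(data) else 0
        if size < 24 or off + size > len(data):
            raise ValueError("bad or truncated object")
        if uuid.UUID(bytes_le=data[off:off + 16]) == SCRIPT_COMMAND:
            out += _parse_script_object(data[off + 24:off + size])
        off += size
    return out

def make_sample(url):
    """Constructed header fragment with one URL command at 0 ms (reserved GUID zeroed)."""
    w = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = bytes(16) + struct.pack("<HH", 1, 1) + w("URL") + struct.pack("<IH", 0, 0) + w(url)
    obj = SCRIPT_COMMAND.bytes_le + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER.bytes_le + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj

SAMPLE = make_sample("http://media.example.invalid/landing")  # constructed placeholder URL
URL_COMMANDS = [c for c in script_commands(SAMPLE) if c[1].upper() == "URL"]
```

To triage a real file, pass its bytes to `script_commands` and review any entry whose type is `URL`.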