Tuesday

Video Codec Malware

You may be aware that some types of video files need special "codecs" to be able to view them properly on your Windows computer. Video files are often heavily compressed to save space, and some specific codecs can be required to handle the particular type of Compression or Decompression needed to work with those files. Our malware-writing friends have also realized that this is a pretty neat way to trick people into installing Bad Stuff. 


The scenario goes something like this; you download a video file from a dodgy site (tsk, tsk), and when you try to play it you get a prompt indicating you need to install a special codec (or sometimes even a different type of media player) to be able to view the file - probably similar to this:



At this point you should STOP. If you proceed, you will likely be infected and the video file still won't play (because the large video file was just a dummy file in the first place). Now, it is possible that you legitimately do need an additional codec to run this particular file. Scanning the video file may not always  indicate an infection.


This is what I do; I don't install additional codec packs, although you can get legitimate packs to handle the more unusual files. Instead, I use something like VLC Media Player or GOM Player, both of which are free and come with support for the vast majority of video and audio files available. I use either of these instead of Windows media player.


If I try to play a file and it squawks about a codec, I consider it a suspect file. If GOM thinks you still need a codec for a legitimate file, it will pop up it's own dialog for that.


If you have a video file that is complaining about requiring a codec or another player, go ahead and install VLC or GOM first and see if they can run it. If not, just delete the file and avoid that dodgy site again.

No comments :