Digital attacks on Winamp use 'skins' for camouflage
Beware of wolves in llama's clothing.
That's the lesson for Winamp users, after a group of security researchers discovered that spyware makers are using a flaw in the way the multimedia software loads graphical themes, or skins, to infect PCs with their wares. The digital music player--made by America Online subsidiary Nullsoft, whose informal mascot is the llama--improperly allows the skin files to run programs.
The flaw is being used by some spyware makers to infect people's computers with their illicit programs, according to another group of researchers, at French company K-Otik Security. The attack had been used to spread spyware among Internet relay chat users, infecting a computer after the victim clicked on a Web address that appeared in the chat window.
By Robert Lemos at ZDNet.
[ Read more ]