IT@TT - Online

Sounds of Tragedy

Right after all this really sleep-inducing virus news over the past weeks, I bring change. The Windows Media Player has been deemed dangerous to your PC's health. Unless you get it patched first. Two recently discovered flaws in the Player allow malicious users to run programs on your PC.

Can a multimedia player really be a security risk? The answer is in the script; literally. The first flaw relates to a Windows Media Skin (.WMS) Script Execution glitch and only affects Media Player 7. Player 7 supports "skins" to customize its interface. Were you to download a custom skin file that included a script, the latter would execute when the Media Player was run with the harmful skin being used. It allows sending a copy of the flawed skin to another user, con him into using it, and then execute the same script on the other PC. The harmful code permits ActiveX controls to execute; including those not marked "safe for scripting."

We recommend that you should always look at all file attachments with an extremely jaundiced eye. And delete any incoming email with a .WMD and .WMZ file attachment. Even if from a trusted source. Also try and disable HTML email messages. Potential risks include JavaScript, iframe tags and meta refresh tags.

The second flaw is a buffer overrun that affects Player 6.4 and 7. It exploits a flaw in the Active Stream Redirector. This uses .ASX files to enable users to play streaming media residing on intranet or Internet sites (just like WinAMP's ShoutCast). Well, the code that parses .ASX files has an unchecked buffer. This, if exploited, permits one user to run any code on the PC of another user. This code allows the intruder the same rights a the physical user.

You can download the Media Player Patch from http://www.microsoft.com/TechNet/security/bulletin/MS00-090.asp/. Microsoft is subscribing to the "Magic Bullet" theory; it has created a single download to fix both issues.

From a user perspective, I've had cause to check out all the various anti-virus vendor sites. One of the most interesting is Trend Micro's. This includes the usual product plus, updates, and guides. But what is really interesting is their interactive map of virus infections worldwide. You can customize the view by location or virus name, by virus infection or computers affected, by region, or the time period (week, fortnight, month) or a combination thereof. Really cool. Try it yourself too at http://wtc.trendmicro.com/wtc/pcc_wmap.html.

G Menon
[email protected]

Top