As the poisoned file runs, it purposely sends too much data to the software responsible for playing AVIs in Windows (usually WMP), causing the program to crash and in the process enabling the attacker's hijack code to take over your computer. Play it safe and download the update at Microsoft Security Bulletin MS05-050"
Sunday, November 20, 2005
Defend Your PC Against Video Attacks
Defend Your PC Against Video Attacks: "A researcher at eEye Digital Security identified a way that a bad guy could booby-trap a seemingly benign AVI. The attacker could then embed the poisoned file in a Web page and set it to autoplay in the background, or send it to unsuspecting users as an attachment or a link in an e-mail message. To get you to click, the file could have a title intended to pique your curiosity (say, 'Funny Beer Commercial'). But if you clicked, the joke would be on you.
Posted by sugree at 09:54