Gnutella Forums


hunangarden June 12th, 2002 10:08 AM

Virus/trojan launched when playing .mpg file
 
I downloaded an .mpg file and when I double clicked it, it launched Windows Media Player and started to play.

Then a bunch of browser windows started opening, directed to porn sites. Then my anti-virus software said I had js/seeker virus/trojan.

Anyone know how the .mpg file was able to do this? Are there holes in Windows Media Player? Hidden file extension (not likely, since Phex showed it as .mpg)?


Help.
Thanks.

Paradog June 12th, 2002 11:52 AM

I bet it was a .asf file.
ASF files have the ability to direct you to a website
with the Internet Explorer. There he can use JavaScript
to do malicious things.

As far as I know there's nothing to do about the asf
files opening iexplore

hunangarden June 12th, 2002 01:24 PM

Yeah, but...
I downloaded the .mpg using PHEX.
Phex prompts you for a file name when downloading, so I edited the filename, which was quite long, and specifically entered the innocuous name "An.mpg".

So there was no hidden file extension, unless Phex is hiding those extensions as well, which seems pretty weird since it's Java and all.

I'm fairly certain it was just a .mpg file without a hidden extension, I will do more research tonight.

Is there any way a file with an extension of .mpg (without any hidden extension) can cause a trojan to be triggered? Are there some flaws in Windows Media Player that allow this?

Stumped.

tshdos June 12th, 2002 04:14 PM

You can rename an asf file to mpg and it will still play, Windows Media Player just guesses what it is when it opens it. So it could have been ( and probably was ) really an asf file.

Unregistered June 12th, 2002 06:16 PM

or worse, it was an exe file and you renamed it
why are you all so happy when you run a lame OS and have problems like this?
:) :) :) :) :) :)

tshdos June 12th, 2002 07:53 PM

Quote:

Originally posted by Unregistered
or worse, it was an exe file and you renamed it
If it was an exe it wouldn't have played.

Quote:

Originally posted by Unregistered
why are you all so happy when you run a lame OS and have problems like this?
asf, another windows security hole, when are you people going to get a clue?

asf is not a security hole, it just allows for scripting like many other formats.

mrgone4662 June 12th, 2002 10:26 PM

Quote:

Originally posted by Unregistered
why are you all so happy when you run a lame OS and have problems like this?
the driver support is nice :)

hunangarden June 12th, 2002 10:29 PM

Mystery Solved
 
Paradog and tshdos were correct.

The file was in fact an asf file with an mpg extension.
I had to download the Windows Media Resource kit to analyse the file.

The asf file contains a script command that causes IE to go to a URL. That page contains the evil JS/seeker code.

Thank you for all your help.

If you have any thoughts on how I can safely play mpeg/mpg files please let me know.
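The diagnosis in this thread (ASF content under an .mpg name, carrying a script command) can be confirmed from the file's bytes before anything is opened in a player. The following is an added example, not part of the original thread: the GUIDs and the 30-byte header layout come from the ASF specification, while the function names, return labels and the constructed sample are assumptions made for illustration.

```python
import struct
import uuid

# GUIDs from the ASF specification; on disk they are stored in bytes_le order.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le
# MPEG start codes: program-stream pack header and video sequence header.
MPEG_STARTS = (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3")

def sniff(data):
    """Classify a file by its leading bytes instead of its name."""
    if data[:16] == ASF_HEADER:
        return "asf"
    if data[:4] in MPEG_STARTS:
        return "mpeg"
    return "unknown"

def asf_has_script_commands(data):
    """Walk the objects inside the ASF Header Object, looking for script commands."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return False
    header_size, count = struct.unpack_from("<QI", data, 16)
    pos, end = 30, min(header_size, len(data))  # 30 = GUID + size + count + 2 reserved
    for _ in range(count):
        if pos + 24 > end:
            break
        size = struct.unpack_from("<Q", data, pos + 16)[0]
        if data[pos:pos + 16] == ASF_SCRIPT_COMMAND:
            return True
        if size < 24:  # malformed object size: stop instead of looping in place
            break
        pos += size
    return False

def check(name, data):
    """Flag files named .mpg/.mpeg whose content is really ASF (labels are illustrative)."""
    ext = name.rsplit(".", 1)[-1].lower()
    kind = sniff(data)
    if kind == "asf" and ext in ("mpg", "mpeg"):
        return "asf-as-mpeg+script" if asf_has_script_commands(data) else "asf-as-mpeg"
    return kind

def constructed_sample():
    """Constructed ASF header with one empty Script Command Object (not a real file)."""
    script = ASF_SCRIPT_COMMAND + struct.pack("<Q", 44) + bytes(16) + struct.pack("<HH", 0, 0)
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(script), 1, 1, 2) + script
```

To use it on a download, read the first few kilobytes of the file and pass them to `check` together with the file name.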

mrgone4662 June 12th, 2002 10:38 PM

1) use a different browser (I recommend Opera)

2) set up a firewall and block Internet Explorer and Windows Media Player from connecting to the internet

(there are probably a million other solutions as well, but this is the first that came to mind. someone who watches more movies on their comp should be able to assist more.)

igalan June 13th, 2002 12:59 AM

Re: Mystery Solved
 
Quote:

Originally posted by hunangarden
If you have any thoughts on how I can safely play mpeg/mpg files please let me know.
Use BSPlayer, it will play your ASF files fine and no scripts! (BSPlayer is like WinAmp but for video, you can even get new skins - the default is ugly :) - ). Also you can download ASFTools and remove any URL or convert the ASF into AVI (I prefer this).


All times are GMT -7.