As recent researches have showed there seems to be an enlarged activity on ports directed to Windows Media Player and Winamp, a token that attackers are making efforts to screen machines for a new codec vulnerability.
The security firm Secunia, pointed out the weak features that make the players vulnerable – they are to be found in 3ivx Technologies' MPEG-4 codec, a necessary compatibility application used to create and play back MP4 files.
According to SCMagazineUS.com, Ben Greenbaum, senior research manager in Symantec Security Response Experts confirmed that this vulnerability extends from all older versions of the popular multimedia programs (Windows Media Player 6.4, Media Player Classic 6.4.9 and Winamp 5.32) to newer ones.
The same expert stated that attackers are choosing to exploit bugs in media players and the plugins that augment their functionality as organizations and vendors improve the security of their operating systems and programs.
Greenbaum emphasized that the exploit is conducted through trusted websites which are used by attackers who benefit from the fact they are allowed to slot in their own content. The method proves to be quite efficient for attackers who can this way get their exploit up to a site that is well rated.
He also mentioned that what attackers are after is dropping a secondary payload, such as a bot or trojan. Secondarily, Greenbaum suggested that businesses should make sure they dispose of such a policy that gives employees permission to connect to media players only if their work requires them to do so.
According to the same source, SCMagazineUS.com, a spokesman for AOL, Kurt Patat recommended that people should upgrade to version 5.5 in order to avoid any problem caused by the aforementioned vulnerability.
In turn Mark Miller, director of security response for Microsoft, made the same suggestion to Windows Media Player users.
