Listen to your infection? Not necessarily: this backdoor binds cmd.exe to TCP port 24501, but it has to be socially engineered onto the victim in the form of a Winamp plugin, so it isn't exploiting anything in Winamp itself. The code was originally released in December 2006, see the attached screenshot. Not much fun here either, and as the folks at SANS point out, Winamp doesn't play .MP4 files automatically from a web page, so there is no chance of it being embedded within popular sites and causing mass outbreaks the way we saw with the ANI exploit code and the WMF one. A bind shell of this kind is also easy to spot: anything listening on 24501 on a workstation, or a gen_wbkdr.dll in the Winamp plugin directory matching the hashes below, is a giveaway.
gen_wbkdr.dll
File size: 45056 bytes
MD5: 74d149f4a1f210ea41956af6ecedb96b
SHA1: 5a2e8d5727250a647ce44d00cf7446775e6cd7d5
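As an added example (not code from the original post), here is a small Python triage script that turns the indicators above into a check: it hashes every DLL in a Winamp plugin directory against the published MD5/SHA1, flags name or size matches that fail the hash check as suspicious rather than definitive, and tests whether anything is accepting connections on port 24501. The plugin path, the sample files it constructs, and the verdict labels are assumptions of the example, not details from the post.

```python
"""Triage helper for the Winamp plugin backdoor described above.

Added example, not code from the original post. The indicators (file name,
size, MD5, SHA1, port 24501) come from the post; everything else, including
the plugin directory path and the sample files, is assumed or constructed.
"""
import hashlib
import os
import socket
import tempfile

# Indicators of compromise quoted from the post.
IOC_NAME = "gen_wbkdr.dll"
IOC_SIZE = 45056
IOC_MD5 = "74d149f4a1f210ea41956af6ecedb96b"
IOC_SHA1 = "5a2e8d5727250a647ce44d00cf7446775e6cd7d5"
BIND_SHELL_PORT = 24501

# Assumed default plugin location; adjust for the install being checked.
DEFAULT_PLUGIN_DIR = r"C:\Program Files\Winamp\Plugins"


def file_hashes(path, chunk_size=65536):
    """Return (md5, sha1) hex digests of a file, streamed in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def classify_plugin(path):
    """Classify one DLL against the IOCs.

    'known_bad'  - MD5 or SHA1 matches the published sample (definitive).
    'suspicious' - name or exact size matches but the hashes do not
                   (a recompiled or patched variant, or a false positive).
    'clean'      - nothing matches.
    """
    md5, sha1 = file_hashes(path)
    name = os.path.basename(path).lower()
    size = os.path.getsize(path)
    if md5 == IOC_MD5 or sha1 == IOC_SHA1:
        verdict = "known_bad"
    elif name == IOC_NAME or size == IOC_SIZE:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"path": path, "verdict": verdict, "md5": md5, "sha1": sha1, "size": size}


def scan_plugin_dir(plugin_dir=DEFAULT_PLUGIN_DIR):
    """Hash every .dll in the plugin directory and return the non-clean ones."""
    findings = []
    for entry in sorted(os.listdir(plugin_dir)):
        path = os.path.join(plugin_dir, entry)
        if os.path.isfile(path) and entry.lower().endswith(".dll"):
            result = classify_plugin(path)
            if result["verdict"] != "clean":
                findings.append(result)
    return findings


def port_is_listening(port=BIND_SHELL_PORT, host="127.0.0.1", timeout=1.0):
    """True if a TCP connect to host:port succeeds.

    A bind shell hands cmd.exe to whoever connects, so a positive here is
    worth investigating regardless of what the plugin scan finds.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_demo_plugin_dir():
    """Create a constructed sample directory (not real Winamp files).

    The fake gen_wbkdr.dll has the right name and size but not the real
    hashes, so it exercises the 'suspicious' path; the other DLL is benign.
    """
    tmp = tempfile.mkdtemp(prefix="winamp_plugins_")
    with open(os.path.join(tmp, IOC_NAME), "wb") as fh:
        fh.write(b"\x00" * IOC_SIZE)
    with open(os.path.join(tmp, "gen_example.dll"), "wb") as fh:
        fh.write(b"MZ" + b"\x90" * 1024)
    return tmp


if __name__ == "__main__":
    demo_dir = build_demo_plugin_dir()
    for hit in scan_plugin_dir(demo_dir):
        print(hit["verdict"], hit["path"], hit["md5"])
    print("port %d listening: %s" % (BIND_SHELL_PORT, port_is_listening()))
```

Run it against the real plugin directory with `scan_plugin_dir(r"<path>")`; a hash match is conclusive, while a name-only or size-only match should be pulled for a closer look rather than treated as proof either way. The port check only sees listeners reachable from the host it runs on, so pair it with a `netstat -ano` style listing if you want the owning process.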
Friday, May 04, 2007
Winamp PoC Backdoor and a Zero Day
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com