A critical vulnerability was recently discovered in Winamp, a popular media player for Windows. This flaw can be exploited with a malicious playlist file (.pls) that contains an overly long file name. Spyware vendors already begun using the publicly available exploit to push spyware on victim computers. A malicious web site secretly drops a playlist file to the visitor’s system. Winamp automatically opens this file and starts executing the file list. The player gets caused to download a dangerous variant of the infamous CoolWebSearch hijacker and the SpySheriff parasite.
Fortunately, Nullsoft, makers of Winamp, quickly released Winamp 5.13, which includes a fix for the vulnerability. All users of this media player are encouraged to update the program as soon as possible. Users of vulnerable versions can see a message that recommends updating the program.
It is known that the exploit takes place from the 008.com site (IP address 18.104.22.168). This site is hosted at Netcathosting, which is one of the ISP’s known to host malicious web sites associated with SpySheriff, SpywareStrike and numerous other widely spread parasites. Some security experts recommend blocking the 008.com site as well as the IP ranges 22.214.171.124 – 126.96.36.199 and 188.8.131.52 – 184.108.40.206, which belong to other ISPs – InterCage and Inhoster.