Winamp vulnerability used to install spyware

A critical vulnerability was recently discovered in Winamp, a popular media player for Windows. The flaw can be exploited with a malicious playlist file (.pls) that contains an overly long file name. Spyware vendors have already begun using the publicly available exploit to push spyware onto victims’ computers. A malicious web site secretly drops a playlist file onto the visitor’s system. Winamp automatically opens this file and starts executing the file list. The player is then made to download a dangerous variant of the infamous CoolWebSearch hijacker and the SpySheriff parasite.
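As a defensive check for the condition described above (added here as an example, not code from the article or from Nullsoft), the following scans playlist text for `FileN=` entries whose value is overly long. The 260-character cut-off and the function names are assumptions; the article does not state the length that triggers the flaw.

```python
import re

# Assumption: 260 characters (Windows MAX_PATH) as the cut-off; the article
# does not give the length that triggers the flaw.
MAX_ENTRY_LEN = 260

# PLS playlists are INI-style: a "[playlist]" header followed by
# FileN=, TitleN=, LengthN=, NumberOfEntries= and Version= keys.
_FILE_RE = re.compile(r"^\s*File(\d+)\s*=(.*)$", re.IGNORECASE)


def scan_pls(text, max_len=MAX_ENTRY_LEN):
    """Return (line_no, key, value_length) for every oversized FileN entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = _FILE_RE.match(line)
        if not m:
            continue  # header, TitleN, LengthN, blank lines, etc.
        value = m.group(2).strip()
        if len(value) > max_len:
            findings.append((line_no, "File" + m.group(1), len(value)))
    return findings


def scan_file(path, max_len=MAX_ENTRY_LEN):
    """Scan a .pls file on disk; latin-1 maps every byte, so nothing is lost."""
    with open(path, "r", encoding="latin-1") as fh:
        return scan_pls(fh.read(), max_len)


# Constructed samples (not taken from any real playlist or exploit file).
BENIGN_PLS = """[playlist]
File1=http://radio.example/stream.mp3
Title1=Example Radio
Length1=-1
NumberOfEntries=1
Version=2
"""
SUSPICIOUS_PLS = (
    "[playlist]\nFile1=" + "A" * 1500 + ".mp3\nNumberOfEntries=1\nVersion=2\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PLS), ("suspicious", SUSPICIOUS_PLS)):
        print(name, scan_pls(sample))
```

`scan_file` can be pointed at `.pls` files found in browser download and temporary directories; a hit is a reason to inspect the file, not proof of compromise.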

Fortunately, Nullsoft, makers of Winamp, quickly released Winamp 5.13, which includes a fix for the vulnerability. All users of this media player are encouraged to update the program as soon as possible. Users of vulnerable versions can see a message that recommends updating the program.

It is known that the exploit takes place from the site (IP address This site is hosted at Netcathosting, which is one of the ISPs known to host malicious web sites associated with SpySheriff, SpywareStrike and numerous other widely spread parasites. Some security experts recommend blocking the site as well as the IP ranges – and –, which belong to other ISPs – InterCage and Inhoster.

Remove the parasites installed by Exploit.winamp.pls
