Missing Codecs?
Jun 18, 2008 in Codec, Social engineering
A quick mention of that most obvious-in-retrospect gotcha when wandering around seedier websites. While adult content sites willingly try this trick, the danger must spread, as a matter of dark business, to more innocuous-seeming websites.
In other words, it’s no longer the feral surfing habits of household males that will place your computer, and the family’s integrity, at risk. The ladies and kiddies will be - and probably are being - confronted with this dangerous choice on the Internet.
I refer to the missing "Codec."
What’s a ‘codec’?
What’s a "codec"? Software (part of your computer’s media player) that allows you to watch videos and sound on the web.
A few years ago it was a headache. Microsoft Windows Media Player and Apple QuickTime would only play every second media file one came across on music and video download or streaming sites. So they would nag you about a "missing codec" just when you expected some entertainment.
And why do you care?
You do care, don’t you?
The criminals lighted upon this as a marvellous opportunity for social engineering - aka, tricking you. Since the best way to infect a PC is get the dumb human in charge to tell it to infect itself, the crooks realized they could ask you to do their dirty work by trickery - like click "Yes please, install that codec so I can watch the video of Angelina and Brad with their new baby."
Your request for this reasonable action might work, or simply be ignored. Even if it worked, a compromised codec can be installed (’compromised’ = one that has extra malicious instructions written into it, code not in the original codec) or you are ignored altogether and though nothing seemed to happen, malware was directly installed without your knowing.
Above is a typical screen, which you click and nothing happens. No video of Hollywood’s premier couple. You give up, but it’s too late. Something did happen and you will NEVER know - or, when it’s far too late, perhaps you will.
A Trojan was installed (right beneath your uncomprehending nose) designed to record the login and password to your banking website and quietly phone home to the bad guys when mission accomplished.
How to avoid installing codecs you think you need
You DO NOT need codecs. If the video or sound won’t play, move on.
However, if your boss gave you a DVD containing a video that your computer won’t play because Windows Media player actually means what it says when it complains of a missing codec (and this is nothing to do with a bogus web site) then you have three options:
- Spend all night trying to find the codec on the Internet - not recommended.
- "Boss, I couldn’t play it. Can I see IT for advice?" - also not recommended, speaking as an IT tech :0)
- Install VideoLAN’s VLC media player on your computer. It plays just about everything, codecs be damned.
PS: There’s far more to it than space permits. I’ll stop here for simplicity’s sake. Plenty of related posts down the line.