Be cautious! ASF Files Are Used To Execute Malicious Scripts in Windows Media Player

ASF is Microsoft’s new audio/video format, meant specifically for streaming purposes. It doesn’t specify how the video or audio should be encoded, but instead just specifies the structure of the video/audio stream. This means that ASF files can be encoded with basically any audio/video codec and would still be in ASF format. Many times ASF is confused with Microsoft’s implementation of MPEG-4 video format, because most of the ASF streams are encoded using this technology.

A new attack uses ASF files opened in Windows Media Player to launch Internet Explorer which will then prompt you to download a malicious executable file. If you want to share the asf file with your friends and don’t want to get them infected with malicious scripts, you can convert asf video to flash video and upload it to website, which would benefits both you and your friends.

The Microsoft ASF file format (and some other formats) allows creation of a script stream. The script stream can use certain, simple, script commands in Windows Media Player. The playing application that supports ASF is responsible for executing the script commands at the proper time.

While this attack is not sophisticated at all (and there is no real exploit here, just a “feature”), one thing that is worrying is the fact that this can be used to launch a browser on machines which are not patched, through Windows Media Player. And this also works with the latest Windows Media Player on Vista.
It is possible to disable this “feature” in Windows Media Player by modifying certain registry keys:
Open HKEY_CURRENT_USER\SOFTWARE\Microsoft\MediaPlayer\Preferences

And change values to:
- PlayerScriptCommandsEnabled: 0 (disabled) – disabled as default
- WebScriptCommandsEnabled: 0 (disabled) – default is 1 (enabled)
- URLAndExitCommandsEnabled: 0 (disabled) – default is 1 (enabled)

More information is available at http://support.microsoft.com/kb/320944. The keys might not exist and be very careful when changing anything in the registry.
Due to the recent attacks, the scripts are recommended to be disabled.

ASF Playback Problem with Windows Media Player under Vista OS

I installed Windows Vista on my work computer a couple of months ago (see bb20070802_01.asp) and things have largely gone well so far. There have been a few rough edges, however, which bring us to the topic for today.

The Problem
I have a wireless webcam at home, a Linksys model WVC54GC (Ref. 1), connected to the home network, and pointing out the front window. It has a motion-detection feature, so if anything moves (a delivery truck, or the neighbor’s dog, e.g.), it captures a brief 5-second video clip and sends it as an email attachment to my email address. This is a convenient way to keep track of the house while on vacation, or just at work.

Viewing the video-clip is a simple matter of double-clicking on the attachment, which launches Windows Media Player v11 (WMP) and displays the video. This used to work as planned on Windows XP, but in Vista the Media Player shows just a black window, no video content is displayed.
 
The mouse cursor blinks every so often, as if WMP is trying, but the display window remains blank. I tried solving the problem by saving the attachment to a folder on disk, then opening that saved file with WMP, but it made no difference.

The Solution
This is not so much a solution as a work-around.

Some web searching led me to a discussion thread on the Linksys forums (Ref. 2) which contains not one, but two workarounds.

The first workaround, posted by Icebreaker, is to simply rename the file extension from .asf to .asx. I tried this on the file I had saved earlier, and, somewhat surprisingly, this works (Fig. 4 below).

The second workaround, posted by JonChambres in the same discussion thread, is to use the VLC Media Player to play the .asf files.

VLC is a free open-source media player for a number of platforms, including Windows Vista. I downloaded and installed it from their web site, and indeed it correctly plays the .asf files.

This has a major advantage over the first workaround, since the file does not need to be renamed, I can now view the video by simply double-clicking on the attachment in the mail client.

While installing the VLC player I had taken care to un-check the default setting of associating various media formats to open with VLC, so I now needed to associate .asf files with VLC player. I did this in Windows Explorer by right-clicking on the .asf file, then selecting “Open With” and “Choose Program”.
This brought up the next dialog where I chose VLC Player from the suggested programs. I took care to “check” the box labeled “Always use the selected program to open this kind of file”, and then clicked OK.

While not a true solution to the original problem (see Discussion below), this is an adequate workaround, and I can now view the .asf videos by just double-clicking on the files or attachments, and it launches VLC Player to display them.

Super ASF Tools Source from Internet

 
ASF stands for Advanced Streaming Format. It was developed by Microsoft which used to send and receive data for MPG, AVI format, etc. ASF files do not select a specific agreement, while take the automatic selection of the agreement can be used to send data, now, its scope of application is becoming more and more widely.
For digital fans, like me, we would meet kinds of problems like converting, software compatibility and so on. There is not current course to solve them so we need to solve them by ourselves. ASF format couldn’t be used in all formats so we need to convert this format to others. Then we need some tools to help us. This is also a big project but luckily, I found some tools to share with you.
I found lots of ASF converters from Internet. Some are vey good while some really useless. The tool I find is really versatile and it can convert ASF to SWF and ASF to flash Video etc. You could see any popular format in my favorites, you know, I cost too much time in finding them. I would like to tell you how I could find them.
One of the best place I collect these tools is http://www.flvsoft.com. ASF to Flash or ASF to FLV Converter is powerful converting software for windows media like asf and wmv. It lets you easily convert ASF to Flash, ASF to FLV and ASF to Flash SWF. Still, nearly all of software in the site is free to try which attractive most for me. If you are interested in it, you could take a look at them by yourself.

Hello world!

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!