DomPlayer

3wPlayer is malware that disguises itself as a media player. It can infect computers running Microsoft Windows. It is designed to exploit users who download video files, instructing them to download and install the program in order to view the video. The 3wPlayer employs a form of social engineering to infect computers. Seemingly desirable video files, such as recent movies, are released via BitTorrent or other distribution channels. These files resemble conventional AVI files, but are engineered to display a message when played on most media player programs, instructing the user to visit the 3wPlayer website and download the software to view the video. The 3wPlayer is infected with Trojan.Win32.Obfuscated.en. According to Symantec, 3wPlayer "may download" a piece of adware they refer to as Adware.Lop, which "adds its own toolbar and search button to Internet Explorer". A Perl script posted online can reportedly decrypt 3wplayer files back into AVI. This claim has been tested with mixed results, as the intended AVI file is rarely the desired video file. Some developers have made an application (3WPlayer Decoder, accessed on 2013/11/11) to automatically identify 3wPlayer encrypted files.


Clones

There are multiple 3wPlayer clones:


DivoCodec and X3Codec

DivoCodec (also written Divo Codec, or X3Codec) has also been identified as a trojan similar to 3wPlayer. Users are instructed to download the codec in order to view or play an AVI/MP4/MP3/WMA file, often downloaded via P2P programs. Instead of actual codecs, DivoCodec installs malware on the user's computer. DivoCodec is polymorphic and can change its structure. It has also been known to write to another process's virtual memory (process hijacking).


DomPlayer

DomPlayer is similar to DivoCodec and 3wPlayer. Users are also instructed to download the player in order to view an AVI file. As with DivoCodec, fake .avi files are easily spotted by their duration, usually 10–12 seconds, which rules out a film or TV episode regardless of the file's size. This is not always the case, however, as many distributors have recently begun falsifying the file metadata to display normal durations and file sizes.


x3 player

x3 player is similar to DomPlayer and instructs users to download the player to view the AVI file. Also circulated is a 5-second ASF video, disguised as an MP3 file, that instructs users to install this player.
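The two tell-tales described under DomPlayer and x3 player (a declared duration far too short for the file size, and ASF content behind a non-ASF extension) can be checked from the first bytes of a download. The following is an added example, not code from the original page or from any tool it mentions; the function names, flag strings and the 50 Mbit/s ceiling are assumptions, and the sample headers are constructed.

```python
import struct

# ASF Header Object GUID: the first 16 bytes of any ASF/WMV/WMA file.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Assumed ceiling (not from the page): 50 Mbit/s, far above typical shared video.
MAX_PLAUSIBLE_BYTES_PER_SEC = 50_000_000 / 8

def avi_duration_seconds(head: bytes):
    """Duration declared in the AVI main header ('avih'), or None if absent."""
    if head[:4] != b"RIFF" or head[8:12] != b"AVI ":
        return None
    pos = head.find(b"avih")
    if pos < 0 or len(head) < pos + 28:
        return None
    (usec_per_frame,) = struct.unpack_from("<I", head, pos + 8)   # dwMicroSecPerFrame
    (total_frames,) = struct.unpack_from("<I", head, pos + 24)    # dwTotalFrames
    return usec_per_frame * total_frames / 1_000_000

def triage(name: str, head: bytes, file_size: int):
    """Return a list of warning flags for one downloaded file."""
    flags = []
    ext = name.lower().rsplit(".", 1)[-1]
    if head.startswith(ASF_GUID) and ext not in ("asf", "wmv", "wma"):
        flags.append(f"asf-content-with-.{ext}-extension")
    if ext == "avi":
        duration = avi_duration_seconds(head)
        if duration is None:
            flags.append("avi-header-missing")
        elif duration == 0 or file_size / duration > MAX_PLAUSIBLE_BYTES_PER_SEC:
            flags.append("size-duration-mismatch")
    return flags

def sample_avi_head(usec_per_frame: int, total_frames: int) -> bytes:
    """Constructed test input: a minimal RIFF/AVI header, not a real sample."""
    avih = struct.pack("<14I", usec_per_frame, 0, 0, 0, total_frames, *([0] * 9))
    hdrl = b"hdrl" + b"avih" + struct.pack("<I", len(avih)) + avih
    return (b"RIFF" + struct.pack("<I", 0) + b"AVI "
            + b"LIST" + struct.pack("<I", len(hdrl)) + hdrl)

if __name__ == "__main__":
    size = 700 * 1024 * 1024  # constructed: a 700 MiB download
    print(triage("movie.avi", sample_avi_head(40_000, 300), size))      # 12 s declared
    print(triage("movie.avi", sample_avi_head(40_000, 135_000), size))  # 90 min declared
    print(triage("song.mp3", ASF_GUID + b"\x00" * 32, 200_000))
```

A clean result is only one signal: as noted above, distributors who falsify the declared duration will pass the size check.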




External links


Symantec security briefing
Clears the avi file from any player related data
Same as above, just with a little explanation (removes the faulty header from avi files)