zahni 587, posted 3 August 2013

Hi,

See http://forum.avira.com/wbb/index.php?page=Thread&threadID=155005 on this.

I reproduced this. The installer does in fact download a virus from an update server:

hxxp://cdn_dot_pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe

https://www.virustotal.com/en/file/42e928594c47b43f8d9344b4f9fa156f1189d40384c55988b4808aa9fb7429c9/analysis/1375532164/

Anyone who has installed KMPlayer should definitely scan their PC for viruses.

See the HTTP trace:

GET /player/ini_goods/?encode=1 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: update.kmpmedia.net
Connection: Keep-Alive
Pragma: no-cache

HTTP/1.1 302 Found
Date: Sat, 03 Aug 2013 12:14:31 GMT
Server: Apache/2.4.4 (Unix) PHP/5.4.12
X-Powered-By: PHP/5.4.12
Location: http://cdn.pandora.tv/KMP/player/ini/goods/kmp_ini_goods_00_1_20130802021853.7z
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
------------------------------------------------------------------
GET /KMP/player/ini/goods/kmp_ini_goods_00_1_20130802021853.7z HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: cdn.pandora.tv
Connection: Keep-Alive
Pragma: no-cache

HTTP/1.1 200 OK
Date: Sat, 3 Aug 2013 12:08:49 GMT
Server: Apache
Last-Modified: Fri, 02 Aug 2013 05:18:55 GMT
ETag: "1118"
Accept-Ranges: bytes
Content-Length: 4376
Cache-Control: max-age=946080000
Expires: Mon, 27 Jul 2043 12:08:49 GMT
Content-Type: application/x-7z-compressed
Caching Server: WebCachingServer(WT-6K)
------------------------------------------------------------------
GET /player/goods/?sq=5&division=d HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: update.kmpmedia.net
Connection: Keep-Alive
Pragma: no-cache

HTTP/1.1 302 Found
Date: Sat, 03 Aug 2013 12:14:45 GMT
Server: Apache/2.4.4 (Unix) PHP/5.4.12
X-Powered-By: PHP/5.4.12
Location: http://cdn.pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
------------------------------------------------------------------
GET /KMP/player/update/kmp_3.6.0.87_20130803063949.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: cdn.pandora.tv
Connection: Keep-Alive
Pragma: no-cache

HTTP/1.1 200 OK
Date: Sat, 3 Aug 2013 12:08:55 GMT
Server: Apache
Last-Modified: Fri, 02 Aug 2013 21:39:51 GMT
ETag: "33000"
Accept-Ranges: bytes
Content-Length: 208896
Cache-Control: max-age=946080000
Expires: Mon, 27 Jul 2043 12:08:55 GMT
Content-Type: application/x-msdownload
Caching Server: WebCachingServer(WT-6K)
------------------------------------------------------------------
GET /player/goods/?sq=5&division=d HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: update.kmpmedia.net
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Sat, 03 Aug 2013 12:15:07 GMT
Server: Apache/2.4.4 (Unix) PHP/5.4.12
X-Powered-By: PHP/5.4.12
Location: hxxp://cdn_dot_pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
------------------------------------------------------------------
GET /KMP/player/update/kmp_3.6.0.87_20130803063949.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Range: bytes=1024-
Connection: Keep-Alive
Host: cdn.pandora.tv
If-Range: "33000"

HTTP/1.1 206 Partial Content
Date: Fri, 02 Aug 2013 21:41:01 GMT
Server: Apache
Last-Modified: Fri, 02 Aug 2013 21:39:51 GMT
ETag: "33000"
Accept-Ranges: bytes
Content-Length: 207872
Cache-Control: max-age=946080000
Expires: Sun, 26 Jul 2043 21:41:01 GMT
Content-Type: application/x-msdownload
Caching Server: WebCachingServer(WT-6K)
Content-Range: bytes 1024-208895/208896
------------------------------------------------------------------
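The pattern visible in the trace above (an update host answering 302 to a plain-HTTP URL on a second host, which then serves an executable) can be detected in proxy logs. The following is an added example, not part of the original post; the function names are assumptions and the sample is a constructed, condensed copy of two exchanges from the trace.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: two exchanges condensed from the trace in the post.
TRACE = """\
GET /player/goods/?sq=5&division=d HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: update.kmpmedia.net
HTTP/1.1 302 Found
Location: http://cdn.pandora.tv/KMP/player/update/kmp_3.6.0.87_20130803063949.exe
------
GET /KMP/player/update/kmp_3.6.0.87_20130803063949.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: cdn.pandora.tv
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
"""
EXEC_TYPES = {"application/x-msdownload", "application/octet-stream"}

def parse_exchanges(trace):
    """Split the trace on dashed separators; yield one dict per exchange."""
    for block in re.split(r"^-{5,}\s*$", trace, flags=re.M):
        ex = {"headers": {}}
        for line in filter(None, map(str.strip, block.splitlines())):
            if line.startswith("GET "):
                ex["path"] = line.split()[1].split("?")[0]  # drop query string
            elif line.startswith("HTTP/"):
                ex["status"] = int(line.split()[1])
            elif ":" in line:
                name, value = line.split(":", 1)
                ex["headers"][name.lower()] = value.strip()
        if "status" in ex:
            yield ex

def flag_redirected_executables(exchanges):
    """Flag executables fetched over plain HTTP from a host reached via redirect."""
    pending, findings = {}, []
    for ex in exchanges:
        h, status = ex["headers"], ex["status"]
        host = h.get("host", "")
        loc = urlsplit(h.get("location", ""))
        if 300 < status < 400 and loc.scheme == "http" and loc.hostname != host:
            pending[(loc.hostname, loc.path)] = host  # remember who redirected
        ctype = h.get("content-type", "").split(";")[0].strip()
        origin = pending.get((host, ex.get("path")))
        if origin and status in (200, 206) and ctype in EXEC_TYPES:
            findings.append({"origin": origin, "served_by": host,
                             "path": ex["path"], "agent": h.get("user-agent")})
    return findings
```

A finding here only means the download was unauthenticated in transit and came from a redirected host; whether the file is malicious still needs a hash or signature check.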