i came across a certain number of mp3 files sized around 1 Mb (usualy 1.064 Kbs) which won't play when you open them but instead ask you to go to this site: http://www.realcodec.com/ to obtain a license. when i did so (curiosity is a strange thing) an unknown application launched, and stood there, in the middle of my screen, with (as far as i could see) nothing happening inside it's window. after ten seconds or so i killed it (had no trouble doing that) but then my browser opened and i got some message about my actions being tracked (or something like that, can't remember exactly) and i was advised to download some content presented with mozilla firefox logo. since by this time i came to my senses i closed the browser and scanned my computer for malware. (luckily, didn't find anything.) btw - when you try to open the site mentioned above typing the address in your browser (and not by accepting the "invitation" from your windows media player or wherever you've opend these mp3s) you get redirected to some anonymous porn site offering free "content".

naturaly, i started processing the strange acting mp3s with bitcollider and submitting the reports to bitzi database. they were all new to the database (rated them all with dangerous/misleading and mentioned a potential malware threat)

but the strange thing is (and this is where we come to my main question) that afterwards, when i searched the network for similar mp3 files (to see how widesperad they are and to report more of them to the database), i found out two things: a) there are literaly thousands of files like these (and i don't mean the copies, but the unique files) and b) with some of them the «right-clik-->advanced-->look up file with bitzi» command is disabled. as are the «chat with host» and «browse the host» commands (i'm a limewire user).

my questions are: 1. how is this possible? (the only file i came across which has these commands disabled is the official copy of limewire pro) and 2. any information on these files whatsoever?, cause i'm about to process them to the database in the next 2 days (about 120 files) and would like to have some solid information on them to offer in my ratings and comments.

thank you all in advance.

ok, since tommorow at this time i'll be deprived of any internet connection for about a month and a half i couldn't wait any longer on replies concerning this topic to start submitting the bitprints of the files in question to bitzi database. however, prior to that i went through the whole thing once more. when the unknown application is launched nothing (at least nothing noticable) happens no matter how long you keep it running. when i close the application my browser is launched displaying page with big red "warning" header and a message: "Your activities have been logged." and a table underneath it specifying system time, browser, isp, hostname, place of origin, operating system, ip address, latitude/longitude, abuse contact and some detailed information on environment variables. none of this information is on me, but on somebody else. after this information the same page offers me big green "solution". "Get Google Pack. Protect your privacy." Although some pretty cheesey "info" on the importance of keeping your privacy private follows it seems as a genuine google offer and links offered do lead to google's download page.

concerning all the above, i took the liberty to rate all these files with dangerous/misleading (with following comment: "can't play file. asked to obtain license. launches an application. nothing to do with "license"."). if my rating is somehow wrong the files are still incomplete at best or completely fake so i believe not much damage is done.

anyway, i'm still lively interested in your experiences / opinions on my 2 questions from the first post. but i must apologize in advance for not being able to read or reply anything posted later than tommorow around 4 p.m.

p.s. sorry for this two looooong posts. it could have been said shorter and much more concise. i'm not a native english speaker and besides never had this kind of experience when downloading fucking mp3 files. thanx for your patience.

Realcodec.com has been designated by McAfee as a red site.

That means don't go there. It'sfull of spyware and you will get your mail box full of spam every day.

Bill

i've opened this program. ran norton. watched effects and i'm still waiting on a problem to occur personally i think that it is just shit programming designed to scare begginer and basic users. Still though not a wise idea to run it just to see "what happens" just like i did. on a personal note though i think that it is unfair that knobs would post files like these.(MP 3 files are meant to be a safe haven from viruses)

yours Wullie

Those were actually .wma files, and they were specially crafted to cause Windows Media Player to open Internet Explorer to the malicious web site.

That's where you get infected, when IE hits that nasty site with all the exploits ready to attack.

The audio files themselves are otherwise harmless and you would be safe if you avoid using the vulnerable Windows Media Player and IE.

I use Firefox for web browsing and Media Player Classic or VLC Media Player for videos and good old Winamp for music. Get those and set them up as the default programs for media and web browsing. You'll never again have to worry about boobytrap media files and web sites. :)

I've downloaded an wmv like that that said it had porn just out of curiosity, and seeing it won't open with Bsplayer, my usuall codec, I used Windows Media Clasic or what's it called, it instantly opened 3 porn sites :))))) , thankfully in Firefox. After that, I even told my pals on the net, if it would have opened with IE, my computer would have probably died.

PS DON'T BELIEVE ANYTHING ANY VIDEO FILE TELLS YOU ABOUT SPYWARE, licensing, etc. It's a lure to their site, which in best case can be just a cheap publicity, worse case what it stated there, full of malware.