A security bug in Winamp is being exploited by miscreants to install spyware on machines running the media player software, experts have warned.

http://sunbeltblog.blogspot.com/2006...953448796.html

The flaw was disclosed on Monday, when Winamp maker Nullsoft, a division of America Online, released an update to fix it. The company posted version 5.13 of Winamp, while Secunia and other security companies issued alerts about the problem. Secunia rated the issue "extremely critical," its highest rating.

"Not following the recommendation from Nullsoft to upgrade to version 5.13 could result in the extremely nasty CWS Looking-For.Home Search Assistant infection as well as an installation of our good friend SpySheriff," Thomas wrote. Antivirus software is not yet detecting this exploit, he wrote.
The Winamp problem affects version 5.12 of the media player. Earlier versions may also be affected. On Friday, the malicious Web site referred to by Sunbelt, 008k.com, appeared to be offline. The site displayed a message: "Site is closed for abuses."

Download Update: http://www.winamp.com/player/