Peaches Posted August 3, 2010 Report Share Posted August 3, 2010 QuickTime Player Allows Movie Files to Trigger Malware Download QuickTime Player (version 7.6.6) allows movie files to trigger the download of files and cybercriminals are using this to download malware from malicious websites. Trend Micro threat research engineer Benson Sy encountered two .MOV files (salt dvdrpi [btjunkie][xtrancex].mov and 001 Dvdrip Salt.mov) that both used the recent movie Salt, starring Angelina Jolie. It looks suspicious enough because of its relatively small size compared with regular movie files. When the movie files are loaded to QuickTime, it doesn't show any live action scenes but leads users to download malware pretending to be either an update codec or another player installation. We are still investigating whether the malware is exploiting a vulnerability or using a known functionality to download other malware. The first .MOV file connects to http://{BLOCKED}.{BLOCKED}.53.196/stat1/pix1.php, which redirects to http://{BLOCKED}.{BLOCKED}.8.120/cms/976/1/QuickTime_Update_KB640110.exe. It then asks the user to save or run the file. Trend Micro detects this as TROJ_TRACUR.SMDI. More on this topic plus screenshots - http://blog.trendmicro.com/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.