Apple QuickTime Movie Player Installs MalwareResearchers at Trend Micro (an Internet security firm) have found that Apple QuickTime movies are being exploited to download malware. The 7.6.6 version of QuickTime Player allows movie files to activate the download of files and cybercriminals are taking advantage of this by downloading malware from malicious websites. Benson Sy, Threat Research Engineer at Trend Micro, came across two .MOV files (001 Dvdrip Salt.mov and salt dvdrpi [btjunkie][xtrancex].mov) and both used the recent Angelina Jolie starrer movie 'Salt', as reported by TrendLabs on July 30, 2010. TrendLabs identified these two malicious movie files as TROJ_QUICKTM.A. Marco Dela Vega, Senior Threat Researcher at Trend Micro, said that both the files pretended to contain Salt, but he became suspicious when he noticed the remarkable small size of those files as compared to the normal movie files, as reported by HELP NET SECURITY on July 30, 2010. When these files are loaded in QuickTime Player, they don't display any movie rather they open a download prompt for malware files appearing to be either an updated codec or an additional player installation. The first .MOV file links to http ://{BLOCKED}.{BLOCKED}.53.196/stat1/pix1.php, which further directs the users to another link. Afterwards, it asks the users to run or save the file. Trend micro identified the file as TROJ_TRACUR.SMDI. This Trojan can also be downloaded from remote websites through other malware or downloaded mistakenly by a user while surfing malicious websites. On the contrary, the second .MOV file links to http://play.{BLOCKED}nstaller.com/0.c, which redirects to http://player.{BLOCKED}nstaller.com/d77.php. It further downloads a file TROJ_DLOAD.QWK identified by Trend Micro. Like the previous file, it also asks the users to save or run the file. The security experts explained that the capability to download a file was an attribute of QuickTime movies; hence, cyber criminals were using social engineering instead of vulnerabilities. The experts further commented that this issue was not related to the vulnerability reported by Secunia (a security services provider). Secunia lately reported a highly dangerous vulnerability that affected the new version of Apple QuickTime Player for Windows. If the vulnerability was effectively exploited, then the arbitrary code could be inserted by the attacker and the computer could be compromised. Related article: Apple Patches QuickTime 13 Month Old Flaw ยป SPAMfighter News - 8/11/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
