TrojanDownloader:ASX/Wimad.V


First posted on 01 May 2009.
Source: SecurityHome

Aliases :

There are no other names known for TrojanDownloader:ASX/Wimad.V.

Explanation :

TrojanDownloader:ASX/Wimad.V is a detection for malicious Windows media files that are used to entice users into downloading and executing arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser. The sites contacted and the files downloaded by TrojanDownloader:ASX/Wimad vary, and may change over time and from instance to instance of this trojan downloader.

Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.

Installation
TrojanDownloader:ASX/Wimad.V is a malicious Advanced Streaming Format (ASF) file which, when opened by Windows Media Player, urges a user to download and execute an arbitrary file.

In the wild, files detected as TrojanDownloader:ASX/Wimad.V have been observed being distributed with file extensions such as .MP3, .ASF, .WMA and .ASX. The file names used have been varied and enticing. At the time of analysis, TrojanDownloader:ASX/Wimad.V was observed to contact the 'www.tvcodec.net' domain and display a page intended to get the user to download and execute a file of the attacker's choice. We strongly suggest that users avoid downloading and executing any files when prompted by Windows Media Player upon opening streaming format files.
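A defender-side check for the extension mismatch described above, as an added example that is not part of the original write-up: it reads a file's leading bytes and flags ASF content carried under a non-ASF extension such as .MP3. The function names and the extension groupings are assumptions made for illustration; the ASF Header Object GUID is the standard value from the ASF specification.

```python
import os

# ASF Header Object GUID: the first 16 bytes of every ASF/WMA/WMV file.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# Extensions normally associated with each detected content type
# (grouping chosen for this example).
EXPECTED_EXTS = {
    "asf": {".asf", ".wma", ".wmv"},
    "asx": {".asx", ".wax", ".wvx"},
    "mp3": {".mp3"},
}

def sniff_media_type(head: bytes) -> str:
    """Classify a file from its leading bytes, ignoring its name."""
    if head.startswith(ASF_HEADER_GUID):
        return "asf"
    # ASX playlists are XML text; skip a UTF-8 BOM and leading whitespace.
    if head.lstrip(b"\xef\xbb\xbf \t\r\n").lower().startswith(b"<asx"):
        return "asx"
    # MP3: an ID3v2 tag, or an MPEG audio frame sync (11 set bits).
    if head.startswith(b"ID3") or (
        len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0
    ):
        return "mp3"
    return "unknown"

def check_file(name: str, head: bytes) -> dict:
    """Report the real container type and whether the extension disagrees."""
    ext = os.path.splitext(name)[1].lower()
    kind = sniff_media_type(head)
    mismatch = kind in EXPECTED_EXTS and ext not in EXPECTED_EXTS[kind]
    return {"name": name, "ext": ext, "content": kind, "mismatch": mismatch}

def scan_dir(root: str) -> list:
    """Walk a directory tree and return findings for mismatched media files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            try:
                with open(os.path.join(dirpath, fname), "rb") as fh:
                    result = check_file(fname, fh.read(64))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if result["mismatch"]:
                findings.append(result)
    return findings
```

A mismatch is a triage signal rather than a verdict: it tells an analyst which files Windows Media Player would treat as ASF despite a name suggesting plain audio.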

Analysis by Ray Roberts

Last update 01 May 2009

 
