
TrojanDownloader:QT/Waick.A


First posted on 13 August 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:QT/Waick.A is also known as Exploit.Win32.QuickLoad.b (Kaspersky), EXP/QuickTime.A (Avira), Exploit.QuickTime.4 (Dr.Web), MOV/Exploit.QuickTime.A (ESET), Exploit.Win32.QuickLoad (Ikarus), Exploit.Win32.QuickLoad.a (Sunbelt Software), TROJ_QUICKTM.A (Trend Micro).

Explanation :


TrojanDownloader:QT/Waick.A is the detection for specially crafted, malicious QuickTime media files that are used to encourage users to download and execute arbitrary files on the computer. When opened with QuickTime Player, these malicious files open a particular URL in a web browser. In the wild, we have observed these URLs directing users to executable files. Presumably, users then download and run the executable in an attempt to play the malicious media file.

Media files detected as TrojanDownloader:QT/Waick.A have been distributed as MOV files, using many different and enticing filenames.

When QuickTime Player is opened to play the malicious media file, the title bar caption is set by the loaded file. A web browser window opens immediately after the media file is loaded. The file being offered to the user for download may be malicious.

Analysis by Marian Radu

Last update 13 August 2010

 
