
TrojanDownloader:ASX/Wimad.AI


First posted on 27 March 2009.
Source: SecurityHome

Aliases :

There are no other names known for TrojanDownloader:ASX/Wimad.AI.

Explanation :

TrojanDownloader:ASX/Wimad is a detection for malicious Windows media files that are used to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser.

Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.


Installation
TrojanDownloader:ASX/Wimad.AI is a malicious Advanced Streaming Format (ASF) file which, when opened by Windows Media Player, urges a user to download and execute an arbitrary file, as in the following example:

At the time of writing we observed files being downloaded by this malware from the 'funxy.biz' domain. We strongly suggest that users avoid downloading and executing any files when prompted by Windows Media Player upon opening streaming format files.
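A triage check a defender could run on a suspect media file before opening it, given here as an added example that is not part of the original write-up: it walks the ASF header objects and lists any http(s) URLs stored in them as UTF-16LE text. The sample bytes, the placeholder object GUIDs and the `media-prompt.example` URL are constructed, and the idea that the URL sits as plain UTF-16LE text in a header object is an assumption rather than something this entry states.

```python
import re
import struct
import uuid

# ASF Header Object GUID; bytes_le gives the on-disk byte order.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
# http:// or https:// followed by printable ASCII, encoded as UTF-16LE.
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+",
    re.IGNORECASE)


def asf_embedded_urls(data: bytes):
    """Return [(object_guid, url)] for URLs inside ASF header sub-objects."""
    if len(data) < 30 or data[:16] != ASF_HEADER:
        raise ValueError("not an ASF file: header GUID missing")
    header_size, count = struct.unpack_from("<QI", data, 16)
    end = min(header_size, len(data))
    pos, found = 30, []  # 16 GUID + 8 size + 4 count + 2 reserved bytes
    for _ in range(count):
        if pos + 24 > end:
            break  # truncated header
        guid = uuid.UUID(bytes_le=data[pos:pos + 16])
        (size,) = struct.unpack_from("<Q", data, pos + 16)
        if size < 24 or pos + size > end:
            break  # malformed object size: stop rather than misparse
        for m in URL_UTF16.finditer(data, pos + 24, pos + size):
            found.append((str(guid), m.group().decode("utf-16-le")))
        pos += size
    return found


def _obj(guid: uuid.UUID, body: bytes) -> bytes:
    # One header sub-object: GUID, 64-bit total size, then the body.
    return guid.bytes_le + struct.pack("<Q", 24 + len(body)) + body


def build_sample() -> bytes:
    # Constructed header: placeholder GUIDs, one object carrying a URL.
    url = "http://media-prompt.example/codec".encode("utf-16-le")
    a = _obj(uuid.UUID(int=1), "title".encode("utf-16-le"))
    b = _obj(uuid.UUID(int=2), b"\x00\x00" + url + b"\x00\x00")
    body = struct.pack("<IBB", 2, 1, 2) + a + b
    return ASF_HEADER + struct.pack("<Q", 24 + len(body)) + body


if __name__ == "__main__":
    for guid, url in asf_embedded_urls(build_sample()):
        print(guid, url)
```

Any URL reported for a file that claims to be plain audio or video is a reason to inspect it in an isolated environment instead of opening it in Windows Media Player.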

Analysis by Dan Kurc

Last update 27 March 2009

 
