Trend Micro security researchers warn that the "wired actions" feature in QuickTime Player 7.6.6 makes it possible to redirect viewers to infected websites. The company reports it detected two fake Salt movie trailers in the wild; when these clips are loaded, they open a download screen to trick the user into installing malware. Alternative QuickTime file players like VLC Media Player aren't affected by this issue.
Trend Micro threat research engineer Benson Sy encountered two .MOV files (001 Dvdrip Salt.mov and salt dvdrpi [btjunkie][xtrancex].mov) that both used the recent movie Salt, starring Angelina Jolie. They look suspicious enough because of their relatively small size compared with regular movie files.
When the movie files are loaded into QuickTime, they don’t show any live action scenes but lead users to download malware pretending to be either an update codec or another player installation. We are still investigating whether the malware is exploiting a vulnerability or using a known functionality to download other malware.