Attackers using QuickTime movies to redirect viewers to infected sites

Posted on Monday, August 02 2010 @ 15:19 CEST by Thomas De Maesschalck
Trend Micro security researchers warns the "wired actions" feature in QuickTime Player 7.6.6 makes it possible to redirect viewers to infected websites. The company reports it detected that two fake Salt movie trailers are out in the wild, when these clips are loaded they open a download screen to trick the user into installing malware. Alternative Quicktime file players like VLC Media Player aren't affected by this issue.
Trend Micro threat research engineer Benson Sy encountered two .MOV files (001 Dvdrip Salt.mov and salt dvdrpi [btjunkie][xtrancex].mov) that both used the recent movie Salt, starring Angelina Jolie. It looks suspicious enough because of its relatively small size compared with regular movie files.

When the movie files are loaded to QuickTime, it doesn’t show any live action scenes but leads users to download malware pretending to be either an update codec or another player installation. We are still investigating whether the malware is exploiting a vulnerability or using a known functionality to download other malware.
Source: Trend Micro Blog


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments