Posted by: David Harley | July 30, 2010

Quicktime and Malware: no pinch of “Salt” necessary

Marco Dela Vega, Senior Threat Researcher at Trend Micro, has reported today that criminals are making use of the fact that Quicktime Player 7.6.6 allows movie files to trigger file downloads.

Trend’s Benson Sy has encountered two files (“001 Dvdrip Salt.mov” and “salt dvdrpi [btjunkie][xtrancex].mov”) using interest in Angelina Jolie’s movie “Salt” to trick victims into downloading malware masquerading as a codec update or another player installation.

While it’s not uncommon for Mac malware to use the fake codec approach, the malware Trend is reporting is Windows-specific.

Tip of the hat to Ivan Macalintal for drawing my attention (and that of other Apple-oriented researchers) to the issue.

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer

About these ads

Posted in David Harley, Quicktime Player, Trend Micro | Tags: , , , , , , , , , , , ,

«
»

Responses

  1. [...] info on .MOV malware Further to my post yesterday about malware using Quicktime movies as part of the dissemination and download of Windows [...]

    By: More info on .MOV malware « Mac Virus on July 31, 2010
    at 13:02

    Reply

  2. [...] I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers [...]

    By: Triflex Enterprise | Quicktime,malicious movies and Angelina Jolie on July 31, 2010
    at 13:16

    Reply

  3. Dude, there’s an ad for Trend Micro on your blog! Ha ha.

    By: larry seltzer on July 31, 2010
    at 13:20

    Reply

    • Yes, I’ve just noticed that Mac Virus has been targeted for Google Adsense, which is throwing all sorts of AV links at it (even ESET’s). I don’t know how long it’s been happening: I don’t see that stuff on the machine I use for updating it. It’ll cost me $30 for each of my blogs to stop it, so I may well start using other blog providers instead. As far as I can tell, it’s just on this one right now: maybe that’s because it’s by far the one that gets most hits. :-/

      By: David Harley on July 31, 2010
      at 14:17

      Reply

  4. [...] I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers [...]

    By: Quicktime,malicious movies and Angelina Jolie | Security Antivirus Virus on July 31, 2010
    at 21:48

    Reply

  5. Usefull information, thanks

    By: Kenny Olsen on August 1, 2010
    at 07:46

    Reply

  6. [...] I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers [...]

    By: Quicktime,malicious movies and Angelina Jolie | ESET ThreatBlog on August 4, 2010
    at 21:38

    Reply


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Categories

Follow

Get every new post delivered to your Inbox.

Join 25 other followers

%d bloggers like this: