Posted by: David Harley | July 30, 2010

QuickTime and Malware: no pinch of “Salt” necessary

Marco Dela Vega, Senior Threat Researcher at Trend Micro, has reported today that criminals are taking advantage of the fact that QuickTime Player 7.6.6 allows movie files to trigger file downloads.

Trend’s Benson Sy has encountered two files (“001 Dvdrip Salt.mov” and “salt dvdrpi [btjunkie][xtrancex].mov”) using interest in Angelina Jolie’s movie “Salt” to trick victims into downloading malware masquerading as a codec update or another player installation.

While it’s not uncommon for Mac malware to use the fake codec approach, the malware Trend is reporting is Windows-specific.

Tip of the hat to Ivan Macalintal for drawing my attention (and that of other Apple-oriented researchers) to the issue.

David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer


Responses

  1. [...] info on .MOV malware Further to my post yesterday about malware using Quicktime movies as part of the dissemination and download of Windows [...]

  2. [...] I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers [...]

  3. Dude, there’s an ad for Trend Micro on your blog! Ha ha.

    • Yes, I’ve just noticed that Mac Virus has been targeted for Google Adsense, which is throwing all sorts of AV links at it (even ESET’s). I don’t know how long it’s been happening: I don’t see that stuff on the machine I use for updating it. It’ll cost me $30 for each of my blogs to stop it, so I may well start using other blog providers instead. As far as I can tell, it’s just on this one right now: maybe that’s because it’s by far the one that gets most hits. :-/

  4. [...] I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers [...]

  5. Useful information, thanks

  6. [...] I blogged on the independent Mac Virus site about a threat making use of .MOV (movie) files. That blog refers [...]

