
TrojanDownloader:ASX/Wimad.CN


TrojanDownloader:ASX/Wimad is a detection for malicious Windows media files that are used to encourage users to download and execute arbitrary files on an affected machine. When opened with Windows Media Player, these malicious files open a particular URL in a web browser.


What to do now

To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

Installation
TrojanDownloader:ASX/Wimad.CN is a malicious Advanced Streaming Format (ASF) file which, when opened by Windows Media Player, urges a user to download and execute an arbitrary file.
 
In the wild, files detected as TrojanDownloader:ASX/Wimad.CN have been observed being distributed with file extensions such as .MP3, .ASF, .WMA and .ASX. The file names used have been varied and enticing.
Payload
Downloads Win32/Hotbar
At the time of writing, Wimad.CN contacts the website "pinballpublishernetwork.com" and downloads the file "vlcsetup.exe". The downloaded program is a variant of Adware:Win32/Hotbar.
 
Microsoft strongly suggests that users avoid downloading and executing any files when prompted by Windows Media Player upon opening streaming format files.
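
A triage check for the behavior described above, as an added example that is not part of the original entry: it identifies ASF content by its header GUID regardless of the file extension and lists any web URLs embedded in the file. The function name, the sample bytes and the example.test URL are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# ASF Header Object GUID: the first 16 bytes of any ASF container (on-disk byte order).
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Extensions where ASF content is expected; anything else holding ASF is a mismatch.
ASF_EXTS = {".asf", ".wma", ".wmv"}
# ASF stores most strings as UTF-16LE, so look for URLs in both encodings.
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}")


def triage(name: str, data: bytes) -> dict:
    """Classify one media file by content, not by its extension."""
    is_asf = data[:16] == ASF_HEADER_GUID
    urls = {m.group().decode("ascii") for m in URL_ASCII.finditer(data)}
    urls |= {m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)}
    return {
        "name": name,
        "is_asf": is_asf,
        "ext_mismatch": is_asf and Path(name).suffix.lower() not in ASF_EXTS,
        "urls": sorted(urls),
        # An ASF container that carries a web URL deserves a look before it is played.
        "review": is_asf and bool(urls),
    }


# Constructed sample: ASF magic, padding and a UTF-16LE URL; not a playable file.
SAMPLE_DISGUISED = (ASF_HEADER_GUID + b"\x00" * 14
                    + "http://example.test/codec".encode("utf-16-le") + b"\x00\x00")
# Constructed sample: the start of an ordinary ID3-tagged MP3.
SAMPLE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 32

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = [triage(p, Path(p).read_bytes()) for p in sys.argv[1:]]
    else:
        results = [triage("song.mp3", SAMPLE_DISGUISED),
                   triage("track.mp3", SAMPLE_MP3)]
    for r in results:
        print(r)
```

Legitimate ASF files can also contain URLs, so the `review` flag marks a file for inspection and is not a verdict on its own.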
 
Analysis by Patrik Vicol

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.67.432.0
Latest detected by definition: 1.93.731.0 and higher
First detected on: Oct 06, 2009
This entry was first published on: Oct 05, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • ASF/Wimad!generic (CA)