Threat behavior
TrojanDownloader:QT/Waick.A is the detection for specially crafted, malicious QuickTime media files that are used to encourage users to download and execute arbitrary files on the computer. When opened with QuickTime Player, these malicious files open a particular URL in a web browser.
In the wild, we have observed these URLs directing users to executable files. Presumably, users then download and run the executable in an attempt to play the malicious media file.
Media files detected as TrojanDownloader:QT/Waick.A have been distributed as MOV files, using many different and enticing filenames.
When QuickTime Player is opened to play the malicious media file, the title bar caption is set by the loaded file, as in the following example:
A web browser window opens immediately after the media file is loaded, as in the following example:
The file being offered to the user for download may be malicious.
Analysis by Marian Radu
Prevention