
Inception, Robin Hood and other blockbusters haunted by Wimad

Răzvan LIVINTZ

July 22, 2010


Users of various file-sharing platforms looking for (illegal) free copies of recently released motion pictures, such as Inception, Robin Hood or Predators, should think twice before hitting the Download button. Chances are that these movie aficionados will receive the nefarious Trojan.Wimad instead of the pirated versions of the hot stuff they’re after.

Ranking sixth in the BitDefender half-yearly malware chart and accounting for 2.68 percent of the total infections worldwide (according to the BitDefender H1 2010 E-Threat Landscape Report), Wimad exploits a feature built into multimedia files which allows a player to search for the appropriate codec when that codec is not installed.

Cybercriminals make use of this feature in order to sell a piece of adware, a fake video player or a rogue antivirus: when unprotected users open the maliciously crafted file in Windows® Media® Player, the player follows the embedded codec lookup and lands on the cybercriminals' page. The crafted file may be an ASF, a WMV, a (manually renamed) AVI or any other extension associated with the player.

The formula is quite simple: take a file that passes for a multimedia file, alter it, bundle it with the codec-download trick which Wimad uses and rename it after a blockbuster. Then upload it to sharing platforms and wait for it to be downloaded and played.
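The two properties described above, a file whose extension does not match its real container (a "renamed AVI" that is actually ASF/WMV) and an ASF file carrying a URL that the player would follow for a "codec", are both cheap to check before a downloaded file is ever opened. The following scanner is an added example written for this post, not code from Bitdefender or from the original article. It relies only on the publicly documented ASF header GUID and the RIFF/AVI magic; the sample files it builds (`make_fake_asf`, `make_fake_avi`) and the URL `http://special-player.example/` are constructed for the demonstration and are not real Wimad artifacts.

```python
import re
import struct
from pathlib import Path

# Documented container identifiers (first bytes on disk).
# ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C, little-endian on disk:
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
RIFF_MAGIC = b"RIFF"
AVI_FORM = b"AVI "

# URL patterns: ASCII bytes, and text decoded from UTF-16LE (ASF metadata strings are UTF-16LE).
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]+")
URL_TEXT = re.compile(r"https?://[\x21-\x7e]+")


def container_type(data: bytes) -> str:
    """Identify the real container from the leading bytes, ignoring the file extension."""
    if data.startswith(ASF_HEADER_GUID):
        return "asf"
    if data[:4] == RIFF_MAGIC and data[8:12] == AVI_FORM:
        return "avi"
    return "unknown"


def embedded_urls(data: bytes) -> list[str]:
    """Collect http(s) URLs stored either as ASCII or as UTF-16LE text."""
    found = [m.decode("ascii") for m in URL_ASCII.findall(data)]
    for offset in (0, 1):  # try both byte alignments for UTF-16LE strings
        text = data[offset:].decode("utf-16-le", errors="ignore")
        found.extend(URL_TEXT.findall(text))
    return sorted(set(found))


def assess(filename: str, data: bytes) -> dict:
    """Return the findings a defender would want before opening a downloaded 'movie'."""
    kind = container_type(data)
    ext = Path(filename).suffix.lower()
    urls = embedded_urls(data)
    findings = []
    if ext == ".avi" and kind == "asf":
        findings.append("extension says AVI but content is ASF/WMV (renamed file)")
    if kind == "asf" and urls:
        findings.append("ASF container carries embedded URL(s): " + ", ".join(urls))
    return {"container": kind, "urls": urls, "findings": findings, "suspicious": bool(findings)}


def make_fake_asf(url: str) -> bytes:
    """Constructed sample: ASF header GUID, 8-byte object size, 6 reserved bytes, then a
    UTF-16LE string holding a URL. Illustrative only; not a playable ASF file."""
    body = url.encode("utf-16-le") + b"\x00\x00"
    return ASF_HEADER_GUID + struct.pack("<Q", 30 + len(body)) + b"\x00" * 6 + body


def make_fake_avi() -> bytes:
    """Constructed sample: minimal RIFF/AVI header with no streams. Illustrative only."""
    payload = AVI_FORM + b"LIST" + b"\x00" * 12
    return RIFF_MAGIC + struct.pack("<I", len(payload)) + payload


if __name__ == "__main__":
    # Hypothetical file names; the URL is a placeholder, not a real address.
    samples = {
        "Inception.2010.DVDRip.avi": make_fake_asf("http://special-player.example/get"),
        "home-video.avi": make_fake_avi(),
    }
    for name, blob in samples.items():
        result = assess(name, blob)
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{name}: {flag} ({result['container']})")
        for finding in result["findings"]:
            print("  -", finding)
```

A check like this does not replace an antivirus signature, but it catches the two things the post describes at the file level: a mismatch between the claimed and actual container, and a URL sitting inside a media file where a codec lookup could be triggered.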


Figure 1 – The Wimad “haunted” file is available on P2P torrent Web sites.


Figure 2 – However, the alleged .AVI requires a “special player”.

Meanwhile, set up a Web site for a player or rogue AV, wait for the automatic codec searches to do their trick and ask for money from the gullible users.


Figure 3 – The “special player” is not for free (although I guess a ticket is cheaper than the so-called player).


Figure 4 – On other sharing platforms, splitting the file into multiple archives to avoid detection functions as an interesting evasive maneuver.

For the moment, I suggest you think twice before deciding not to buy a ticket and to download recently released movies from the underground. You never know what that file will actually bring you.

Safe surfing everybody!

The technical description referenced in this article is available courtesy of Daniel Chipiristeanu, BitDefender Threats Researcher.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
