Trojan.Downloader.WMA.Wimad.N
| Alert Level : | verylow |
| Discovered: | 2008Apr07 |
| Tag: | Trojan Downloader |
| Discoverer and Source: | http://www.bitdefender.com/ |
Malware Behavior and Technical Description
While accessing the ".wma" which is a media file extension the following behavior is noticed :
- A browser page opens to a certain webpage ( fastmp3player.com )
- It tries to download and execute (when the user hits run on IE ) a malware from the mentioned site.
This is an disguised application meant to trick the user to download and execute a malware. Usually it states the false incapacity of your software configuration to view this kind of media. Due to the common misconception that malware or viruses are only in executables, the user could be lead to trust this strategy and install without his knowledge the downloaded threat.
The file could be saved with different names of various celebrities, usually events or generally appealing things to users. This makes the malware spread with the help of users.
First , the malware opens a browser window to fastmp3player.com where it gets a file , which is an installer signed with the name Adware.PlayMp3z.A ( a detailed description of this malware here : http://www.bitdefender.ro/VIRUS-1000279-ro--Adware.PlayMp3z.A.html ). The downloaded file is saved with the name "PLAY_MP3.exe" .
Removal Trojan.Downloader.WMA.Wimad.N instructions:
Please let BitDefender disinfect your files.
Need help? Live computer support via remote at SupportSpace |
