Trojan.Downloader.Wimad.D
VERY HIGH
LOW
450
Symptoms
At the end of playing the "media file", a webpage is accessed.
Note that the file could have any other extension that Windows Media Player can handle, such as ".asf", ".wmv", ".aiff", ".midi", ".wma" or others.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Adrian Stefan Popescu, virus researcher
Technical Description:
This is an application disguised under a common media file extension, meant to trick users into accessing different web pages. Because of the common misconception that malware or viruses are found only in executables, the user could be led to trust the file and install the downloaded threat without their knowledge.
This application exploits a feature of Windows Media Player files: a webpage can be opened when the file finishes playing. In this way other files can be downloaded. Such files can also be used as adware.
The accessed webpage has an address of the form http://www.[hidden]sx.com, from which the user is redirected to an adult webpage and from which they can download an update to the "media file". The update (detected as Trojan.Downloader.Wimad.F) exploits a media file in the same way and then redirects to another adult webpage.
It is unable to replicate by itself or to infect other files. It relies on websites or file-sharing applications to spread.