
TrojanDownloader:ASX/Wimad.BR


First posted on 13 July 2009.
Source: SecurityHome

Aliases :

There are no other names known for TrojanDownloader:ASX/Wimad.BR.

Explanation :

TrojanDownloader:ASX/Wimad is a detection for malicious Windows media files that are used in order to encourage users to download and execute arbitrary files on an affected machine.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

When opened with Windows Media Player, these malicious files open a particular URL in a web browser.

Installation
TrojanDownloader:ASX/Wimad.BR is a malicious Advanced Streaming Format (ASF) file which, when opened by Windows Media Player, urges a user to download and execute an arbitrary file. In the wild, files detected as TrojanDownloader:ASX/Wimad.BR have been observed being distributed with file extensions such as .MP3, .ASF, .WMA and .ASX. The file names used have been varied and enticing.

Payload
Downloads other malware
At the time of writing Wimad.BL contacts the IP address 85.17.93.189 and downloads the file 'windows_media_update.exe'. This file is currently detected as TrojanDownloader:Win32/Tracur.A. Microsoft strongly suggests that users avoid downloading and executing any files when prompted by Windows Media Player upon opening streaming format files.

Analysis by Francis Allan Tan Seng

Last update 13 July 2009
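
The two traits described above, ASF content behind an extension such as .MP3 or .ASX and a URL carried inside the file, can be checked during triage; the following is an added example, not code from the original write-up. The function name, the sample bytes and the 192.0.2.10 address are constructed for illustration, and the example assumes the URL is stored as ASCII or UTF-16LE text.

```python
import os
import re

# ASF Header Object GUID: the first 16 bytes of any ASF/WMA/WMV file.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Extensions that legitimately carry an ASF container (.mp3 and .asx do not).
ASF_EXTENSIONS = {".asf", ".wma", ".wmv"}

URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,200}")
# The same pattern for UTF-16LE text: every ASCII byte is followed by 0x00.
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}"
)


def triage_media(name: str, data: bytes) -> dict:
    """Report container type, extension mismatch and embedded URLs."""
    ext = os.path.splitext(name)[1].lower()
    is_asf = data[:16] == ASF_HEADER_GUID
    urls = [m.group().decode("ascii") for m in URL_ASCII.finditer(data)]
    urls += [m.group().decode("utf-16-le") for m in URL_UTF16.finditer(data)]
    urls = sorted(set(urls))
    return {
        "is_asf": is_asf,
        "ext_mismatch": is_asf and ext not in ASF_EXTENSIONS,
        "urls": urls,
        # URLs whose path names an executable, as in the payload described above.
        "exe_urls": [u for u in urls if u.split("?")[0].lower().endswith(".exe")],
    }


# Constructed sample: ASF magic, a size field, padding and one UTF-16LE URL.
# Not a playable file; 192.0.2.10 is a documentation-only address.
SAMPLE = (
    ASF_HEADER_GUID
    + (30).to_bytes(8, "little")
    + b"\x00" * 14
    + "http://192.0.2.10/windows_media_update.exe".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    print(triage_media("song.mp3", SAMPLE))
    print(triage_media("song.mp3", b"ID3\x03\x00" + b"\x00" * 64))
```

Genuine ASF files can also carry URLs, so a hit is a prompt for analyst review rather than a verdict.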

 
