Inception, Robin Hood and other blockbusters haunted by Wimad

File sharing services shelter top e-threat

Users of various file-sharing platforms looking for (illegal) free copies of recently released motion pictures, such as Inception, Robin Hood or Predators, should think twice before hitting the Download button. Chances are that these movie aficionados will receive the nefarious Trojan.Wimad instead of the pirated versions of the hot stuff they’re after.

Ranking sixth in the BitDefender half-yearly malware chart and accounting for 2.68 percent of the total infections worldwide (according to the BitDefender H1 2010 E-Threat Landscape Report), Wimad exploits a feature built into multimedia files that allows a player to search for the appropriate codec when it is not installed.

Cybercriminals use this feature to sell a piece of adware/fake video player or a rogue antivirus when unprotected users open, in Windows® Media® Player, a maliciously crafted ASF, WMV, (manually renamed) AVI or a file with any other extension associated with the player.

The formula is quite simple: take an (alleged multimedia) file, alter it, bundle it with the exploit that Wimad uses and rename it after a blockbuster. Then upload it to sharing platforms and wait for it to be downloaded and played.

Figure 1 – The Wimad “haunted” file is available on P2P torrent Web sites.

Figure 2 – However, the alleged .AVI requires a “special player”.

Meanwhile, set up a Web site for a player or rogue AV, wait for the automatic codec searches to do their trick and ask for money from the gullible users.

Figure 3 – The “special player” is not free (although I guess a ticket is cheaper than the so-called player).

Figure 4 – On other sharing platforms, splitting the file into multiple archives to avoid detection works as an interesting evasive maneuver.
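
A defender's triage check for the trick described above, as an added example that is not part of the original article or BitDefender's code: it flags a file whose extension hides an ASF container (the "manually renamed AVI") and lists any URL stored in the ASF header. That the lure URL sits in the header is an assumption, since the article does not name the field; the sample bytes, file name and URL are constructed.

```python
import os
import re
import struct

# On-disk bytes of the ASF Header Object GUID 75B22630-668E-11CF-A6D9-00AA0062CE6C
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
ASF_EXTENSIONS = {".asf", ".wmv", ".wma"}
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]+")
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+")

def container_type(data):
    """Identify the container from its magic bytes, ignoring the file name."""
    if data[:16] == ASF_HEADER_GUID:
        return "asf"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    return "unknown"

def header_urls(data):
    """Return URLs (ASCII or UTF-16LE) stored inside the ASF Header Object."""
    if container_type(data) != "asf" or len(data) < 24:
        return []
    (size,) = struct.unpack_from("<Q", data, 16)  # header size follows the GUID
    header = data[:min(size, len(data))]
    urls = [m.group().decode("ascii") for m in URL_ASCII.finditer(header)]
    urls += [m.group().decode("utf-16-le") for m in URL_UTF16.finditer(header)]
    return urls

def triage(filename, data):
    """List reasons to quarantine the file for analysis; empty list if none."""
    ext = os.path.splitext(filename)[1].lower()
    findings = []
    if container_type(data) == "asf" and ext not in ASF_EXTENSIONS:
        findings.append(f"extension {ext} hides an ASF container")
    findings += [f"URL in ASF header: {u}" for u in header_urls(data)]
    return findings

def build_sample():
    """Constructed ASF header with one sub-object (placeholder GUID) holding a URL."""
    url = "http://player.example.invalid/get".encode("utf-16-le")
    sub = b"\x00" * 16 + struct.pack("<Q", 24 + len(url)) + url
    return ASF_HEADER_GUID + struct.pack("<QIBB", 30 + len(sub), 1, 1, 2) + sub

if __name__ == "__main__":
    for finding in triage("Inception.avi", build_sample()):  # constructed file name
        print(finding)
```

Legitimate ASF files can also carry URLs in their headers, so a URL finding alone is a reason to inspect the file, not a verdict.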

For the moment, I suggest you think twice before deciding not to buy a ticket and to download recently released movies from the underground. You never know what that file will actually bring you.

Safe surfing everybody!

The technical description referenced in this article is available courtesy of Daniel Chipiristeanu, BitDefender Threats Researcher.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.