Activate movie files causes download malware
Trend Micro reports that QuickTime Player (version 7.6.6) allows movie files automatically enable downloading files and cybercriminals are taking advantage of this to download malware from malicious Web sites.
IT Journal 03/08/10 11:59:00
The threat research engineer at Trend Micro, Benson Sy, found two .MOV files (001 Dvdrip Salt.mov and salt dvdrpi [btjunkie] [xtrancex] .mov) using the movie Salt starring Angelina Jolie and recently released in U.S. These files are suspect because they have a relatively small size compared to the usual movies.
When the user loads the file to QuickTime movie, the player shows no scene of the film, but it takes the user to download malware pretending to be a codec upgrade or another player installation. Trend Micro is still investigating if the malware is exploiting a vulnerability or using a feature known to download other malware.