HTML_EXPLT.QYUA


HTML_EXPLT.QYUA is a malicious HTML file that takes advantage of a known vulnerability in Windows Media Player. This vulnerability was disclosed and patched recently. To avoid becoming infected with malware that takes advantage of this security hole, ESG security analysts strongly advise patching your operating system by installing the latest updates. This vulnerability is known as CVE-2012-0003, or the MIDI Remote Code Execution Vulnerability. Basically, criminals can use a corrupted MIDI file to take advantage of this vulnerability, which then allows them to inject and execute other malware on the victim's computer system.

How HTML_EXPLT.QYUA Attacks Your Computer System

HTML_EXPLT.QYUA initiates the malware attack. It is hosted on the malicious domain hxxp://images.{BLOCKED}. Criminals can use social engineering to direct their victims to this URL, usually by convincing them to click on an embedded link within an unsolicited email message or social network message. On the same domain are two other components of this multi-component attack: the MIDI file, which is needed for the exploit, and a JavaScript file, which is needed to decode the code within HTML_EXPLT.QYUA. The HTML_EXPLT.QYUA file basically directs the attack, calling on the MIDI file to trigger the vulnerability on the victim's computer and then using the JavaScript to decode the code within HTML_EXPLT.QYUA. This decoded code connects to another remote server in order to download and install a malware infection on the victim's computer system.

The Effects of an HTML_EXPLT.QYUA Attack

The results of an attack using the HTML_EXPLT.QYUA file and the exploit mentioned above can vary greatly from one case to another. HTML_EXPLT.QYUA merely conducts the attack; the actual payload is downloaded from a remote server. This payload can be anything from a banking Trojan to a keylogger or a Winlocker. According to ESG security researchers, the HTML_EXPLT.QYUA attack has recently been linked to a dangerous malware attack involving a Trojan with rootkit capabilities and the ability to take over the victim's computer completely. Because of this, it is essential to ensure that you download the latest updates released by Microsoft in order to patch this vulnerability. Without them, your computer is exposed to attack from a seemingly innocuous MIDI file. Computer systems that are fully patched are protected from the HTML_EXPLT.QYUA attack and the Windows Media Player exploit that HTML_EXPLT.QYUA uses to install malware on your computer.