EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
|20 % (Normal)
|January 27, 2012
|September 20, 2023
The TROJ_MDIEXP.QYUA Trojan has been linked to several malware attacks in early 2012. These attacks take advantage of an exploit for a vulnerability in Windows Media Player. Since this vulnerability was disclosed, Microsoft has released a patch in one of its latest updates which fixes this problem. However, criminals have used this small window to infect as many unpatched computer systems as possible. Because of this, it is extremely important that computer users with the Windows operating system, especially 32-bit Windows, download and install the latest update from Microsoft.
TROJ_MDIEXP.QYUA is linked to the CVE-2012-0003 vulnerability, also known as the MIDI Remote Code Execution Vulnerability. This vulnerability allows criminals to attack a computer system with a corrupted MIDI file, which forces the victim's computer to execute code that prompts it to download an extremely dangerous rootkit from a remote server. TROJ_MDIEXP.QYUA is the MIDI file itself. The TROJ_MDIEXP.QYUA attack is a multi-component attack, and TROJ_MDIEXP.QYUA is its most important part, since it enables the exploit which allows criminals to gain access to the victim's computer system.
How a TROJ_MDIEXP.QYUA Trojan Attack Works
The malware attack is initiated by HTML_EXPLT.QYUA, a malicious HTML page to which the victim is exposed through social engineering or a similar scam. This page is hosted on a malicious domain that also contains TROJ_MDIEXP.QYUA, in the form of a corrupted MIDI file, and a JavaScript component which is then used to force the victim's computer to download another malware infection containing the payload for this multi-component attack. The MIDI file, detected as TROJ_MDIEXP.QYUA, triggers the vulnerability on the victim's computer. This vulnerability can then be exploited in order to download and install a dangerous payload. The effects of the payload associated with TROJ_MDIEXP.QYUA vary from one infection to the other. TROJ_MDIEXP.QYUA itself is the component charged with exploiting this vulnerability, allowing the criminals to gain access to the victim's computer. In other words, TROJ_MDIEXP.QYUA is merely the crowbar which an intruder uses to pry a door open before robbing a house. What that burglar does inside the victim's house varies from one case to the other. Accordingly, criminals can use TROJ_MDIEXP.QYUA to install a variety of malware infections on their victims' computers.
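The sequence described above (an HTML page, a MIDI file served from the same domain, then a payload download) can be hunted for in web proxy logs. The following Python is an added example, not part of the original write-up or of any EnigmaSoft tooling; the log format, host names, content types and 60-second window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: timestamp client host path content-type
SAMPLE_LOG = """\
2012-01-27T10:00:01 10.0.0.5 landing.example /index.html text/html
2012-01-27T10:00:02 10.0.0.5 landing.example /a.js application/javascript
2012-01-27T10:00:03 10.0.0.5 landing.example /song.mid audio/midi
2012-01-27T10:00:09 10.0.0.5 files.example /update.bin application/octet-stream
2012-01-27T10:05:00 10.0.0.7 music.example /index.html text/html
2012-01-27T10:05:02 10.0.0.7 music.example /tune.mid audio/midi
2012-01-27T11:30:00 10.0.0.7 vendor.example /setup.exe application/x-msdownload
"""

MIDI_TYPES = {"audio/midi", "audio/mid", "audio/x-midi"}
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment

def parse(log):
    """Yield (timestamp, client, host, path, content_type); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, host, path, ctype = parts
        yield datetime.fromisoformat(ts), client, host, path, ctype.lower()

def find_chains(log, window=WINDOW):
    """Return (client, midi_host, binary_url) per HTML -> MIDI -> binary sequence."""
    state = defaultdict(dict)  # client -> {"html": {host: ts}, "midi": (host, ts)}
    hits = []
    for ts, client, host, path, ctype in sorted(parse(log)):
        s = state[client]
        if ctype == "text/html":
            s.setdefault("html", {})[host] = ts
        elif ctype in MIDI_TYPES:
            # Only count a MIDI fetch from a host that just served this client HTML.
            seen = s.get("html", {}).get(host)
            if seen is not None and ts - seen <= window:
                s["midi"] = (host, ts)
        elif ctype in BINARY_TYPES and "midi" in s:
            # The payload may come from a different (remote) server.
            midi_host, midi_ts = s.pop("midi")
            if ts - midi_ts <= window:
                hits.append((client, midi_host, host + path))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print("possible MIDI exploit chain:", hit)
```

A hit is a lead for triage rather than a verdict: legitimate pages also embed MIDI files, so the binary download that follows is what makes the sequence worth a closer look.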
TROJ_MDIEXP.QYUA may call the following URLs: