Threat Scorecard

Ranking: 1,970
Threat Level: 20 % (Normal)
Infected Computers: 35,728
First Seen: January 27, 2012
Last Seen: September 20, 2023
OS(es) Affected: Windows

The TROJ_MDIEXP.QYUA Trojan has been linked to several malware attacks in early 2012. These attacks rely on an exploit for a vulnerability in Windows Media Player. Since the vulnerability was disclosed, Microsoft has released a patch in one of its latest updates that fixes the problem. However, criminals used this small window to infect as many unpatched computers as possible. For this reason, it is extremely important that users of the Windows operating system, especially 32-bit Windows, download and install the latest update from Microsoft.

TROJ_MDIEXP.QYUA is linked to the CVE-2012-0003 vulnerability, also known as the MIDI Remote Code Execution Vulnerability. This vulnerability allows criminals to attack a computer with a corrupted MIDI file that forces the victim's system to execute code which downloads an extremely dangerous rootkit from a remote server. TROJ_MDIEXP.QYUA is the MIDI file itself. The TROJ_MDIEXP.QYUA attack is a multi-component attack, and TROJ_MDIEXP.QYUA is its most important part, since it triggers the exploit that lets criminals gain access to the victim's computer.

How a TROJ_MDIEXP.QYUA Trojan Attack Works

The malware attack is initiated by HTML_EXPLT.QYUA, a malicious HTML page to which the victim is exposed through social engineering or a similar scam. This page is hosted on a malicious domain that also contains TROJ_MDIEXP.QYUA, in the form of a corrupted MIDI file, and a JavaScript file that is then used to force the victim's computer to download another malware infection carrying the payload of this multi-component attack. The MIDI file, detected as TROJ_MDIEXP.QYUA, triggers the vulnerability on the victim's computer, which can then be exploited to download and install a dangerous payload. The effects of the payload associated with TROJ_MDIEXP.QYUA vary from one infection to another. TROJ_MDIEXP.QYUA itself is the component charged with exploiting the vulnerability and giving the criminals access to the victim's computer. In other words, TROJ_MDIEXP.QYUA is merely the crowbar an intruder uses to pry a door open before robbing a house; what the burglar does inside varies from case to case. Consequently, criminals can use TROJ_MDIEXP.QYUA to install a variety of malware infections on their victims' computers.
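
One defensive triage step that fits the chain above: before a MIDI file served alongside an HTML page and a script reaches a sandbox, check whether it even parses as a Standard MIDI File. The Python checker below is an added example, not code from this page or its vendor; it validates only the container structure (chunk magic, chunk lengths, declared versus actual track count, End-of-Track markers) and reports files that are malformed, which is a cheap triage signal rather than a detector for the CVE-2012-0003 trigger itself. Both sample files are constructed inline.

```python
import struct

END_OF_TRACK = b"\xff\x2f\x00"  # meta event that must close every MTrk chunk


def check_midi(data: bytes) -> list:
    """Return a list of structural anomalies; an empty list means the
    Standard MIDI File container parses cleanly."""
    findings = []
    if len(data) < 14 or data[:4] != b"MThd":
        return ["missing or truncated MThd header"]
    # MThd body: length (always 6), format, track count, time division
    hdr_len, fmt, ntrks, _division = struct.unpack(">IHHH", data[4:14])
    if hdr_len != 6:
        findings.append(f"MThd length {hdr_len}, expected 6")
    if fmt not in (0, 1, 2):
        findings.append(f"unknown MIDI format {fmt}")
    pos, tracks = 8 + hdr_len, 0
    while pos + 8 <= len(data):
        ctype = data[pos:pos + 4]
        clen = struct.unpack(">I", data[pos + 4:pos + 8])[0]
        body = data[pos + 8:pos + 8 + clen]
        if len(body) < clen:  # chunk claims more bytes than the file holds
            findings.append(f"{ctype!r} chunk at {pos} claims {clen} bytes, only {len(body)} present")
            break
        if ctype == b"MTrk":
            tracks += 1
            if not body.endswith(END_OF_TRACK):
                findings.append(f"track {tracks} does not end with End-of-Track")
        else:
            findings.append(f"unknown chunk type {ctype!r} at {pos}")
        pos += 8 + clen
    if pos != len(data):
        findings.append(f"{len(data) - pos} trailing bytes after last parsed chunk")
    if tracks != ntrks:
        findings.append(f"header declares {ntrks} tracks, found {tracks}")
    return findings


# Constructed samples: a minimal valid file (one note on/off, then End-of-Track)
# and a deliberately broken one (declares 2 tracks, track chunk truncated).
_TRACK = b"\x00\x90\x3c\x40" + b"\x60\x80\x3c\x40" + b"\x00" + END_OF_TRACK
SAMPLE_OK = b"MThd" + struct.pack(">IHHH", 6, 0, 1, 96) + b"MTrk" + struct.pack(">I", len(_TRACK)) + _TRACK
SAMPLE_BAD = b"MThd" + struct.pack(">IHHH", 6, 0, 2, 96) + b"MTrk" + struct.pack(">I", 40) + _TRACK[:6]

if __name__ == "__main__":
    for name, blob in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_midi(blob) or "clean")
```

Files that fail these checks are worth prioritising for sandbox detonation; files that pass are not cleared, since a correctly framed container can still carry a malicious event stream.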


TROJ_MDIEXP.QYUA may call the following URLs:


