Cybercrooks have begun using booby-trapped QuickTime files to infect internet pirates' computers.
Malicious files posing as the recent Angelina Jolie film Salt are now available on file sharing networks. When users attempt to view these poisoned downloads a prompt is generated offering to download "update codecs" - actually fake files loaded with Trojan horse malware.
At first the attack was thought to rely on an unpatched flaw in QuickTime, but Apple told Trend Micro this is not the case, and the attack relies solely on social engineering trickery.
The attack is therefore unrelated to the discovery of an unpatched flaw in QuickTime involving the handling of streaming movie files. The flaw poses a crucial code injection attack threat for users of QuickTime version 7.6.6 for Windows, security notification firm Secunia warns. ®