Cybercrooks have begun using booby-trapped QuickTime files to infect internet pirates' computers.

Malicious files posing as the recent Angelina Jolie film Salt are now available on file sharing networks. When users attempt to view these poisoned downloads a prompt is generated offering to download "update codecs" - actually fake files loaded with Trojan horse malware.

At first the attack was thought to rely on an unpatched flaw in QuickTime, but Apple told Trend Micro this is not the case, and the attack relies solely on social engineering trickery.

The attack is therefore unrelated to the discovery of an unpatched flaw in QuickTime involving the handling of streaming movie files. The flaw poses a crucial code injection attack threat for users of QuickTime version 7.6.6 for Windows, security notification firm Secunia warns. ®

Related stories

• Beware the blizzard of torrents of Starcraft 2 (30 July 2010)

  https://www.theregister.com/2010/07/30/starcraft_2_trojan_warning_webroot/

• Adobe to fortify widely exploited Reader with security sandbox (20 July 2010)

  https://www.theregister.com/2010/07/20/adobe_reader_sandbox/

• Apple QuickTime update blocks media player bugs (1 April 2010)

  https://www.theregister.com/2010/04/01/quicktime_update/

• Pirate Bay clampdown prompted file sharing site spike (2 November 2009)

  https://www.theregister.com/2009/11/02/mcafee_security_report/

• Torrent crackdown pushing pirates towards file hosting (13 October 2009)

  https://www.theregister.com/2009/10/13/warez_hosting/

• µTorrent silently fixes long-standing zero-day vuln (14 August 2008)

  https://www.theregister.com/2008/08/14/utorrent_update/