Now that we have stepped through how the infection works and have verified that some files have been injected, all we have to do is play one of the files to see the attack in action. As seen below in a re-created picture, the user is prompted to download and run a malicious file, which is advertised as a codec:
Users have likely seen such messages before when they were genuinely missing a video codec, so they will probably think nothing of it and click Run, thereby infecting themselves with additional malware.