A long list of porn sites currently are attacking recent quicktime and some other older browser side vulnerabilities. Unfortunately, it looks like some of our users are getting hit with this stuff in the wild — these exploits and malware are prevalent.
It looks as though the purpose is to download, install, and run a service that acts as a trojan clicker. Clickers like this one continue to fetch web pages from related porn sites and their banner ad links in the background, without the user noticing (although your network card and cpu might appear to be pretty busy!). This activity turns into revenue for the individuals hosting the sites that the clickers are fetching pages from. Here is what an infected system with the installed service looks like:
UPDATE: The Quicktime rtsp streams appear to be down for the moment. But the CVE-2005-4560 wmf files targeting the Microsoft Gdi vulnerability of long ago continue to be delivered, as are the .ani files targeting Microsoft vulnerabilites as well.
UPDATE2: Threatfire continues to stop the component delivery. If your system isn’t patched for the .ani and .wmf exploits that the sites deliver, TF stops the BoF exploit. If the exploit delivered components somehow end up on your system, TF detects the components as a Trojan clicker. These Trojan.Clicker.Syspose components are delivered from a couple web sites hosted in the Ukraine.