Wednesday, March 25, 2009
 
Another Day, Another Video Site with Malware
Posted by Response @ 06:53 GMT

We recently received reports of a file named "ActiveXsetup.exe", which was downloaded from http://world-tube .biz.

[Image: World-tube]

For people who want to play the video, a notice on the page in red font states that "You may need to download an ActiveX video codec (VAC)…". This old trick is well known and commonly used by other malware.

Remember the Facebook site that attempts to trick people into downloading and executing a fake Adobe Flash Player?

Still, what happens when an unsuspecting user downloads the "ActiveXsetup.exe codec", thinking it is legitimate software? Here’s a snapshot of it as it is executed:

[Image: TDSS installer]

The file is an NSIS setup file, with a "Playme.exe" file inside the archive. It turns out the setup file is detected as Trojan:W32/TDSS.BR, while the Playme file is detected as Worm:W32/TDSS.BU.

So, more video sites serving malware. Watch out for these sites and stick to the trusted ones.

Response Team post by — Lordian





