We recently received reports of a file named "ActiveXsetup.exe", which was downloaded from http://world-tube .biz.
For people who want to play the video, there's a notice on the page, written in red font, that "You may need to download an ActiveX video codec (VAC)…". This old trick is well known and commonly used by other malware.
Remember the Facebook site that attempts to trick people into downloading and executing a fake Adobe Flash Player?
Still, what happens when an unsuspecting user downloads the "ActiveXsetup.exe codec", thinking it is legitimate software? Here’s the snapshot of it, as it is executed:
The file is an NSIS setup file, with a "Playme.exe" file inside the archive. Turns out the setup file is detected as Trojan:W32/TDSS.BR, while the Playme file is detected as Worm:W32/TDSS.BU.
So, more video sites serving malware. Watch out for these sites and stick to the trusted ones.