Wednesday, August 19, 2009


A recently leaked threesome sex tape, involving Grey's Anatomy's "McSteamy" Eric Dane and wife Rebecca Gayheart, has been circulating around the internet. And we all know that controversial material like this is often taken advantage of to distribute malware, using techniques such as social engineering and SEO (search-engine optimization). Users of one particular website have been spotted discussing the sex tape. There was no video on the site itself, so people wanting to see it might be enticed into clicking the links posted by fraudulent users and tricked into downloading and installing malware on their computers.

There's one such post suggesting we go to hentaiplace.org to watch the leaked video:

[Image: 3somecomment]

Here the malware poses as a fake video codec called Divxcoder that users are told they need to install in order to watch the video:
hxxp://hentaiplace.org/play.php?id=Eric_Dane_and_Rebecca_Gayheart_sex_tape

[Image: hentaiplace]

Following the download link hxxp://hentaiplace.org/promo.php, we are redirected to hxxp://fiopolosa.com/download/7933547766773d3dd846130c20090815/FlashCodecPlugin.exe

The malware presents the user with a License Agreement while doing its dubious deeds in the background. And you don't even need to agree to the License Agreement to install the malware!

[Image: divxcoder]

The malware changes the affected computer's DNS settings to use the following IP addresses as DNS servers:
85.255.112.80
85.255.112.168

This means that the affected computer will have to contact these IPs for name resolution, and this gives the bad guys a really good opportunity to redirect users to fake websites and steal passwords, login details and other confidential information.
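A quick way to check whether a machine has been pointed at these rogue resolvers is to read the DNS servers it is actually configured with and compare them against the two addresses above. The script below is an added example, not part of the original post or the malware analysis: it parses the text of `ipconfig /all` (Windows) and, going a step beyond the Windows-only case in the post, a Unix-style `/etc/resolv.conf`, then flags each resolver as a known rogue address, an expected one, or something unexpected. The sample outputs, the host name and the "expected" resolver 192.168.1.1 are constructed; only the two 85.255.112.x addresses come from the post.

```python
"""Audit configured DNS resolvers against the rogue servers named in the post.

Added example. Parses `ipconfig /all` (Windows) or /etc/resolv.conf text and
classifies each resolver. Sample inputs below are constructed.
"""
import ipaddress
import re

# The two resolver addresses the post reports the malware writing into the
# victim's DNS settings. No other address on the page is attributed to it.
ROGUE_DNS_SERVERS = frozenset({"85.255.112.80", "85.255.112.168"})

# Constructed sample: `ipconfig /all` from an infected Windows host.
# Windows prints the first server on the "DNS Servers" line and further
# servers on indented continuation lines directly beneath it.
SAMPLE_INFECTED = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : VICTIM-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Physical Address. . . . . . . . . : 00-0C-29-AA-BB-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 85.255.112.80
                                       85.255.112.168
   Lease Obtained. . . . . . . . . . : Wednesday, August 19, 2009 9:14:02 AM
"""

# Constructed sample: the same adapter on a clean host (DHCP-assigned resolver).
SAMPLE_CLEAN = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Constructed sample: /etc/resolv.conf with one rogue entry appended.
SAMPLE_RESOLV_CONF = """\
# Generated by dhcp client
search corp.example
nameserver 192.168.1.1
nameserver 85.255.112.168
"""

_DNS_HEADER = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
_CONT_LINE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")
_NAMESERVER = re.compile(r"^\s*nameserver\s+(\S+)")


def parse_ipconfig_dns(text):
    """Return the DNS servers listed in `ipconfig /all` output, in order."""
    servers = []
    in_dns_block = False
    for line in text.splitlines():
        header = _DNS_HEADER.match(line)
        if header:
            servers.append(header.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            cont = _CONT_LINE.match(line)
            if cont:
                servers.append(cont.group(1))
                continue
            in_dns_block = False  # any other line ends the server list
    return servers


def parse_resolv_conf(text):
    """Return the nameserver entries of a resolv.conf, in order."""
    return [m.group(1) for m in map(_NAMESERVER.match, text.splitlines()) if m]


def classify_resolvers(servers, expected):
    """Label each resolver 'known-rogue', 'ok', 'unexpected' or 'invalid'.

    `expected` is the set of resolver addresses the host should be using
    (for example what DHCP hands out); anything else is worth a look.
    """
    verdicts = []
    for server in servers:
        try:
            ip = str(ipaddress.ip_address(server))
        except ValueError:
            verdicts.append((server, "invalid"))
            continue
        if ip in ROGUE_DNS_SERVERS:
            verdicts.append((server, "known-rogue"))
        elif ip in expected:
            verdicts.append((server, "ok"))
        else:
            verdicts.append((server, "unexpected"))
    return verdicts


def is_compromised(verdicts):
    """True if any configured resolver is one of the known rogue addresses."""
    return any(verdict == "known-rogue" for _, verdict in verdicts)


if __name__ == "__main__":
    expected = {"192.168.1.1"}  # constructed: the resolver DHCP should hand out
    for label, servers in (("infected ipconfig", parse_ipconfig_dns(SAMPLE_INFECTED)),
                           ("clean ipconfig", parse_ipconfig_dns(SAMPLE_CLEAN)),
                           ("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF))):
        verdicts = classify_resolvers(servers, expected)
        state = "COMPROMISED" if is_compromised(verdicts) else "clean"
        print(f"{label}: {verdicts} -> {state}")
```

In practice you would feed the script the captured output of `ipconfig /all` from the suspect machine rather than the embedded samples; a resolver that is "unexpected" but not on the rogue list still deserves a look, since only the two addresses named in the post are treated as confirmed bad here.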

This malware employs the TDSS rootkit in order to hide its presence on the infected machine.
