Monday, December 7, 2009

Fake codec used by porn site

Here's another porn site distributing malware under the guise of video codecs:


Unsuspecting users wanting to view the adult videos are tricked into downloading and installing the fake codec.

The fake codec can be downloaded from this URL:


The server returns a file with a different MD5 hash on each download.

ThreatExpert report here


Here's another site that purports to host "Free Full Lenght Movie" porn clips and uses fake video codecs in order to lure unsuspecting users into downloading and installing their rogue antivirus software:


Clicking anywhere on the video screen area gives us the following link to a file named video.exe:


This file is fake antivirus software from the Security Tool family of fake AVs.