Thursday, August 27, 2009

Porn site distributes scareware

Another website was recently spotted serving malware in the guise of fake video codecs.

This one bills itself as "The Best Nude Celebrity Movie Site":
hxxp://alyssafan.net/1.html

[Image: fake codec prompt]

But in order to watch any video, we would need to download and install their "Certified ActiveX video codec (VAC codec) use to protect content Copyrights".

The fake codec can be downloaded here:
hxxp://alyssafan.net/Mediacodec_v4.8.exe

One of the components used in this attack is an obfuscated JavaScript file that can be found in the %temp% folder.

[Image: obfuscated script]

This script translates to:

[Image: deobfuscated script]

This script downloads:
hxxp://ue4x08f5myqdl.cn/u3.exe

This in turn gives us the Safety Center scareware:

[Image: Safety Center scareware]

Beware of fake video codecs!

2 comments:

  1. Keep up the good work, I enjoyed reading your blog....
  2. Thank you dalena. My pleasure!