American Idol singer Antonella Barba's name (and more!) is being used in malware campaigns.
I found at least two different websites registered using her name that are pushing malware.

The page is pretty straightforward... with the alleged video being the center of attention.

If you click on the video, it will redirect you to a page that tries to load streamviewer.40009.exe

The file is hosted on yet another domain created June 11, so still very recent.

A Robtex analysis reveals some interesting connections. You can see the domain names for scareware programs.

The malware file is not very well detected.

A clue to what it might be doing as a payload is revealed by this Fiddler analysis. It looks like some click fraud using ad banners.

Every now and again, amongst redirections and pop-ups, you will see it trying to push rogueware.

Once again, this is a reminder of how celebrities are used in malware attacks. Their private lives interest people, which makes them a prime target for hackers.

Warning: all links are live and can infect your PC.

Jerome Segura