Home > ParetoLogic Blogs > Malware Diaries > Fake codec targets Russian users
Reply
 
Thread Tools Display Modes
  #1  
Old 07-21-2009, 05:28 PM
Michael Michael is offline
Administrator
Join Date: May 2007
Posts: 313
Default Fake codec targets Russian users
The following domain, *sexvideorussia.com pushes a fake codec in the form of.... a WSF file (Windows Script File).

sex

The file datafeeder.swf contains obfuscated JavaScript:

sex2

If you run it, it will install a BHO tied to bpfeed.dll

sex3

That BHO is going to inject ads into your webpages, as this VirusTotal screen cap shows:

sex4

Since everything appears to be written in Russian, I assume it is targeting the same population.

On that same IP (88.208.19.153) there are similar sites pushing the same malware:

redxporno.com

sex5

besplatnoexxx.com

sex61

The domains appear to be registered to:

andrey smiyan
Lepkalno
19
Vilnus, 232000
Latvia

But the IP is located in the Netherlands.

Jerome Segura

Malware ID:*cea469492f8430cc060a33e0324a0869.zip
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


Terms of Use