Asobi Seksu And The Musical Malware




Asobi Seksu are one of my favourite bands of recent years, and while trying to work out where to buy an acoustic album they released not so long ago, I happened to come across a website called

music-megaupload.com

They're clearly riding on the back of the name of the legit file download site Megaupload. More importantly, they claim to be offering up a full version of one of their albums:

asobi1.jpg

As you've probably guessed, that is NOT anything remotely resembling an album - rather, it's an executable file pretending to be an album.

Oh, the blasphemy.

Anyway, once the file is on the PC, you can't help but notice...well....take a look for yourself:

asobi2.jpg

Does that icon look like an Oscar? Why yes, it does...a little strange, don't you think?

Run the file, and you'll see an installer prompt for one of those not-so-wonderful fake media codecs:

asobi3.jpg

Continue with the installation process, and you'll find your browsers aren't working. That's because this is a variant of the DNS Changer trojans that enjoy breaking your internet, usually while downloading fake backgrounds warning of dire infections that only rogue removal tools can fix. Here are your tampered-with DNS settings:

asobi4.jpg

Lovely.
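
A defender-side check for the kind of tampering shown above, as an added example that is not part of the original post: it parses `ipconfig /all` output per adapter, follows the indented continuation lines of the DNS server list, and reports any resolver outside an expected set. The sample output, the addresses (documentation ranges) and the `EXPECTED` allowlist are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are documentation ranges.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Assumption: the only resolver this network is meant to hand out.
EXPECTED = {ipaddress.ip_address("192.168.1.1")}

def _ip(value):
    try:
        return ipaddress.ip_address(value.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return None  # not an address (label line, blank line, etc.)

def dns_servers_by_adapter(text):
    """Map adapter name -> resolver addresses, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not line[0].isspace() and stripped.endswith(":"):
            adapter, in_dns = stripped[:-1], False  # unindented "...:" starts an adapter
            result[adapter] = []
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S*)", line)
        found = _ip(m.group(1)) if m else (_ip(stripped) if in_dns else None)
        in_dns = bool(m) or (in_dns and found is not None)  # list ends at first non-address
        if found is not None and adapter is not None:
            result[adapter].append(found)
    return result

def unexpected_resolvers(text, expected=EXPECTED):
    """Return {adapter: [addresses]} for resolvers outside the expected set."""
    found = dns_servers_by_adapter(text)
    bad = {n: [str(i) for i in ips if i not in expected] for n, ips in found.items()}
    return {n: ips for n, ips in bad.items() if ips}

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE))
```

An adapter that suddenly reports resolvers outside the set your DHCP server or policy assigns is the symptom to look for after an infection like this one.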

The executable is served up from

implugins.net

which has been around since March 2009, with an email address associated with numerous malicious domains. Coverage is rather poor for this file at present; here are the VirusTotal results:

asobi6.jpg

As you can see, only 5 out of 40 scanners pick it up at the moment.

In conclusion, then, we have

1) A fake weblog trading off the Megaupload domain name
2) Endless fake MP3s and albums served up from a second domain, which are actually DNS changer trojans disguised as media codecs. This is itself an interesting tactic, as usually fake media codecs are served up in exchange for what the user thinks are movies, not music.

If you really want to grab some Asobi Seksu music for free, I'd suggest doing it the legit way - visit their official media page.

You definitely don't want the Oscar remix edition...

1 Comment

Be careful while we download mp3 or any audio video file. May be dangerous for your pc.


About this Entry

This page contains a single entry by Christopher Boyd published on April 15, 2009 5:21 PM.
