Asobi Seksu And The Musical Malware

Asobi Seksu are one of my favourite bands of recent years, and while trying to work out where to buy an acoustic album they released not so long ago, I happened to come across a website called

They're clearly riding on the back of the name of the legit file download site Megaupload. More importantly, they claim to be offering up a full version of one of their albums:

As you've probably guessed, that is NOT anything remotely resembling an album - rather, it's an executable file pretending to be an album.

Oh, the blasphemy.

Anyway, once the file is on the PC, you can't help but notice...well....take a look for yourself:


Does that icon look like an Oscar? Why yes, it does...a little strange, don't you think?

Run the file, and you'll see an installer prompt for one of those not-so-wonderful fake media codecs:

Continue with the installation process, and you'll find your browsers aren't working. That's because this is a variant of the DNS Changer trojans that enjoy breaking your internet, usually while downloading fake backgrounds warning of dire infections that only rogue removal tools can fix. Here's your tampered-with DNS settings:



The executable is served up from

which has been around since March 2009, with an EMail address associated with numerous malicious domains. Coverage is rather poor for this file at present, here's the Virustotal results:


As you can see, only 5 out of 40 scanners pick it up at the moment.

In conclusion, then, we have

1) A fake weblog trading off the Megaupload domain name
2) Endless fake MP3 and albums served up from a second domain, which are actually DNS changer trojans disguised as media codecs. This is itself an interesting tactic, as usually fake media codecs are served up in exchange for what the user thinks are movies, not music.

If you really want to grab some Asobi Seksu music for free, I'd suggest doing it the legit way - visit their official media page.

You definitely don't want the Oscar remix edition...


be carefull while we download mp3 or any audio video file. may be dangerous for your pc.

