There's a website called megasecuredownload.com currently being spammed across YouTube (about 300 or so movies at the moment), targeting lots of different groups randomly (so far we've seen script kiddies, videogamers, MMORPG fans and more besides).
In a nutshell, if you like to do stuff, there's probably some of that "stuff" mentioned in one of their videos.
Visit the website, and you see this:
Megasecuredownload.com, originally uploaded by Paperghost.
What they've done isn't entirely a new idea, but clever regardless - a fake set of antivirus scan results claiming the file is free of infection (a quick bit of scripting makes it appear that the scan results are from today's date, whatever that might happen to be).
Download and run the file (called X-Force Generator) and you're opening yourself up to a bunch of nasties, despite what the fake scans above claim.
Here are some results from VirusTotal (there's a low detection rate for this at the moment, so be careful), ThreatExpert and Comodo. Some of the sites referenced when the file installs (scarlettartsgallery.com, redbullarts.com and myfoundryart.com) are mentioned in this blog post (scroll down to the bottom, the main body of text is unrelated to this file) which ties them to various Zbot hijacks and autostart worms.
In all probability, if you run the file you'll eventually end up with an altered desktop warning you that your system "might be infected". We're still looking into this one, but we'd advise you to steer clear.
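An added example, not part of the original post and not the site's code: a Python heuristic for the date trick described above, flagging a page that shows antivirus scan claims while its date is written by client-side script at view time. The regexes and both HTML samples are constructed assumptions, not the site's actual markup.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics; tune them against pages you actually triage.
CLAIM = re.compile(r"\b(virus|malware|infect\w*|scan(ned|s)?)\b", re.I)
CLIENT_NOW = re.compile(r"new\s+Date\s*\(\s*\)|Date\.now\s*\(\s*\)")
DOM_WRITE = re.compile(r"document\.write(ln)?\s*\(|\.(innerHTML|textContent|innerText)\s*=")
STATIC_DATE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b|\b\d{1,2}[/.]\d{1,2}[/.]\d{2,4}\b")


class _Splitter(HTMLParser):
    """Separate inline script source from the text a visitor reads."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts, self.text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        (self.scripts if self.in_script else self.text).append(data)


def assess_scan_page(html):
    """Return a verdict dict for a page that shows antivirus scan results."""
    p = _Splitter()
    p.feed(html)
    p.close()
    text, js = " ".join(p.text), "\n".join(p.scripts)
    # "Now" taken from the visitor's clock and written into the page.
    stamped = bool(CLIENT_NOW.search(js) and DOM_WRITE.search(js))
    claims = bool(CLAIM.search(text))
    return {
        "claims_scan_result": claims,
        "date_written_by_script": stamped,
        "static_date_in_text": bool(STATIC_DATE.search(text)),
        "suspicious": claims and stamped,
    }


# Constructed samples: same report, date stamped by script vs. fixed in the HTML.
_TEMPLATE = "<h1>File scan report</h1><p>Scanned on {}</p><table><tr><td>Engine A</td><td>No virus found</td></tr></table>"
SAMPLE_FAKE = _TEMPLATE.format("<script>var d = new Date(); document.write(d.toDateString());</script>")
SAMPLE_STATIC = _TEMPLATE.format("2010-03-01")
```

A hit only says the displayed date cannot be trusted as evidence of when a scan happened; inline scripts are all this inspects, so externally loaded script needs fetching separately.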