Site Uses Fake AV Results To Encourage Downloads

There's a website called megasecuredownload.com currently being spammed across YouTube (about 300 or so movies at the moment), targeting lots of different groups randomly (so far we've seen script kiddies, videogamers, MMORPG fans and more besides).

In a nutshell, if you like to do stuff, there's probably some of that "stuff" mentioned in one of their videos.

Visit the website, and you see this:

Megasecuredownload.com, originally uploaded by Paperghost.

What they've done isn't entirely a new idea, but clever regardless - a fake set of antivirus scan results claiming the file is free of infection (a quick bit of scripting makes it appear that the scan results are from today's date, whatever that might happen to be).
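A defender-side heuristic for the trick described above, added here as an example and not taken from the site or from the original post: it flags a page when visitor-visible "clean scan" wording appears alongside an inline script that writes the current date into the page. The term lists and the three sample pages are constructed, and only inline scripts are inspected.

```javascript
// Added example: flags pages that pair "clean scan" claims with a date
// produced by client-side script. Patterns and sample pages are constructed.
const SCAN_TERMS = /\b(?:anti-?virus|virus\s+scan|scan\s+results?|scanned)\b/i;
const CLEAN_TERMS = /\b(?:clean|not\s+infected|virus[- ]free|no\s+(?:virus|threat|infection)s?\s+(?:found|detected))\b/i;
const CURRENT_DATE = /new\s+Date\s*\(\s*\)/; // no argument means "now"
const DOM_WRITE = /document\.write(?:ln)?\s*\(|\.(?:innerHTML|innerText|textContent)\s*=/;

// Bodies of inline <script> elements.
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

// Text a visitor reads: scripts and tags removed, whitespace collapsed.
function visibleText(html) {
  return html.replace(/<script\b[\s\S]*?<\/script>/gi, ' ')
    .replace(/<[^>]+>/g, ' ').replace(/\s+/g, ' ').trim();
}

// Suspicious only when both signals are present on the same page.
function assessPage(html) {
  const text = visibleText(html);
  const claimsCleanScan = SCAN_TERMS.test(text) && CLEAN_TERMS.test(text);
  const scriptedDate = inlineScripts(html)
    .some((js) => CURRENT_DATE.test(js) && DOM_WRITE.test(js));
  return { claimsCleanScan, scriptedDate, suspicious: claimsCleanScan && scriptedDate };
}

// Constructed sample: scan table whose date is generated at view time.
const FAKE_RESULTS_PAGE = `<h2>Antivirus scan results</h2>
<p>Scanned on <script>var d = new Date(); document.write(d.toDateString());</script></p>
<table><tr><td>Scanner A</td><td>Clean</td></tr></table>`;

// Constructed sample: genuine-looking report with a fixed date.
const STATIC_REPORT_PAGE = `<h2>Virus scan results</h2>
<p>Scanned on 2009-09-30</p><p>No threats found</p>
<script>document.title = 'Report';</script>`;

// Constructed sample: scripted footer year, no scan claims at all.
const FOOTER_YEAR_PAGE = `<h1>Holiday photos</h1>
<p>&copy; <script>document.write(new Date().getFullYear());</script></p>`;

console.log(assessPage(FAKE_RESULTS_PAGE));
```

A hit is a reason to look closer at a download page, not proof of malice; the file itself still needs scanning.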

Download and run the file (called X-Force Generator) and you're opening yourself up to a bunch of nasties, despite what the fake scans above claim.

Here are some results from VirusTotal (there's a low detection rate for this at the moment, so be careful), ThreatExpert and Comodo. Some of the sites referenced when the file installs (scarlettartsgallery.com, redbullarts.com and myfoundryart.com) are mentioned in this blog post (scroll down to the bottom, the main body of text is unrelated to this file) which ties them to various Zbot hijacks and autostart worms.

In all probability, if you run the file you'll eventually end up with an altered desktop warning you that your system "might be infected". We're still looking into this one, but we'd advise you to steer clear.


About this Entry

This page contains a single entry by Christopher Boyd published on September 30, 2009 11:46 AM.
