English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Pirate episodes scam

Costin Raiu
Kaspersky Lab Expert
Posted January 26, 12:18  GMT
Tags: Social Engineering
0.2
 

TV Series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. Unlike “Southpark” - another hugely popular series - not all of them are freely available on the web though. As such, there is a high demand on the web for such episodes and as usually happens, scam tactics appear around them. Here’s one such example that we have seen recently on the popular website Dailymotion:

When trying to watch the pirate episode, a message will appear on screen claiming that the content has been removed due to copyright issues, but luckily you can still watch it at a special URL posted in the description field.

These URLs are always shortened (or masked) with services such as bit.ly, and clicking on them leads us to:

Once again, the content is not available immediately and to watch it one needs to access a special “offer”. Clicking on any of the offer links leads further to another page:

“IWON” (example file name: IWONSetup2.3.76.6.ZLman000.exe) is actually the infamous MyWebSearch Adware type of application, detected by most AV products, though not all. (KAV detects it as not-a-virus:WebToolbar.Win32.MyWebSearch.fr)

Though this application is not directly malicious, you may want to stay away from it, since installing the app won’t bring Homer to your screen and in addition, as recently shown by my colleague Roel, online ads can indirectly infect your computer even when shown by brand programs.

Be safe!


4 comments

david

2011 Jan 27, 00:39
0
 

This Happend To Me

The exact same thing happend to me but while trying to watch a star trek episode from www.allstepisodes.com. But it wasnt an add that popped up, it was a window from acrobat adobe that would not let me close it. So i figgured that it was a required download and now i have 4 virus' that kaspersky detected but for some reason i cannot remove them. Any thoughts on how I can get rid of them?
They are;
PDM:Trojan.Win32.Generic
PDM.Trojan.Generic
PDM.Worm.p2p.generic
PDM.Rootshell

If you would like to comment on this article you must first
login


Bookmark and Share
Share

Analysis

Blog