
Pirate episodes scam

Costin Raiu
Kaspersky Lab Expert
Posted January 26, 12:18  GMT
Tags: Social Engineering

TV series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. Unlike “South Park”, another hugely popular series, not all of its episodes are freely available on the web. As a result, there is high demand for such episodes and, as usually happens, scams appear around them. Here’s one such example that we have seen recently on the popular website Dailymotion:

When trying to watch the pirate episode, a message will appear on screen claiming that the content has been removed due to copyright issues, but luckily you can still watch it at a special URL posted in the description field.

These URLs are always shortened (or masked) with services such as bit.ly, and clicking on them leads us to:

Once again, the content is not available immediately and to watch it one needs to access a special “offer”. Clicking on any of the offer links leads further to another page:

“IWON” (example file name: IWONSetup2.3.76.6.ZLman000.exe) is actually the infamous MyWebSearch adware, which is detected by most AV products, though not all. (KAV detects it as not-a-virus:WebToolbar.Win32.MyWebSearch.fr)

Though this application is not directly malicious, you may want to stay away from it: installing the app won’t bring Homer to your screen and, as recently shown by my colleague Roel, online ads can indirectly infect your computer even when shown by brand programs.

Be safe!


4 comments

Trish

2011 Jan 27, 15:37

Similar virus alert notice

While searching for county tax assessor information, a window opened alerting of virus infection. It looked very real but before following any instructions I ran the Kaspersky full scan and the Windows Defender full scan. Neither found anything at all! By the time the scans were completed, the window had defaulted to "HTTP: 404 - Webpage cannot be found". The URL was one of those that went on forever, but I did capture it. A search on each virus name found nothing. Here is a list of the virus names that were displayed in the suspicious window:
Win32/Peerfrag.GR
XF.Lunqunay!dam
Banker.MGB
Trojan.Encoder.67
Trojan.Encoder.37236
Win32.HLLW.Shadow.based
Packed.Vunted!gen2
Win32/Spy.Ursinif.A
Trojan.DownLoad.16849
Backdoor.Win32.Bifrose.cqqy

Any advice on further action would be appreciated.

Thanks,
Trish
