Fake videos with funny or sexual content, have long been used to entice users to download and install malware. The technique is used by hackers to convince users that they need to install additional codecs, or software, in order to play the video.
I've found several websites redirecting to "Emma Watson never seen before home video" hosted on various rr.nu domains: strongrzholder.rr.nu, smartutnetwork.rr.nu, etc. The page looks very similar to a YouTube page, with related videos on the left, and fake comments below the player.
 |
| Emma Watson never seen before home video |
A click on the Play button, or any link on the page, shows a warning
that the Flash player is out of date and a new version needs to be
installed in order to play the video.
 |
| Warning about outdated Flash version |
The warning is very well designed. It feels like a
desktop software with an animated download function, despite being part
of the web page. The user is enticed into downloading and installing a
file called
scandsk.exe.
 |
| Malicious executable |
 |
| Virustotal report |
Be aware of any update done outside of official vendor websites.
没有评论:
发表评论