The strategies of deception through visual social engineering, as are the cases that simulates viewing videos online, and attempts to download malware under the guise of lack of necessary codec, have become rife and almost a rule This should take the user to escape from a potential infection.
On another occasion I counted how scareware IE Defender used a similar campaign to spread your installer using the same strategy of deception. This time, the turn of this technique is to exploit Police XP 2009.
All domains that involve campaign directed to http://sexybabes18 .com/ video/ in the IP address 18.104.22.168. In this instance, you download a binary file called install.exe (MD5: 6ba25f5f8ed91db92305f92beef1fe84) from the XP Police 2009 website.
By accessing the website scareware that uses IP addresses 22.214.171.124, 126.96.36.199 and 188.8.131.52, we can verify that the file you downloaded is the same.
The domains are currently operated by XP Police 2009:
This attack technique is actively used by scareware one of many that exist, so it might look more fake security programs using this strategy.
New strategy of social engineering to spread IE Defender - Spanish version
# Jorge Mieres