Massive spread of malware through fake sites entertainment

The cases of spreading malicious code through various methods of deception are an essential part in the cycle of spreading malware that developers employ.

The resources offered through the Internet for purposes of entertainment are often among the most exploited targets for the dissemination of harmful code, and to that end I have received many inquiries about sites with material that hosts children's entertainment of any injection of malicious code or downloading malware.

A concrete example is the strategy of deception that take advantage of social engineering to exploit visual resources sought in the massive cloud of information and of which I have shown several examples.

In this regard, other alternatives maliciously engendered in the mind of a developer intentionally malicious sites are created for the spread of malicious code.

For example, a fake Emule project site (the famous client to download files via P2P networks), from where you download a binary called

• Official-eMule_setup.exe (MD5: 71f0aa3305d5e87c0cbcfba0c2bb3425)

Currently very low detection rate, only 3 of 40 antivirus.

Even a fake site on the player videos Live Player, from which you download an executable named

• Live-Player_setup.exe (MD5: 1f9e21ffbf6030f1f1bd77e0ba57368c)

Detected by 9 of 40 antivirus engines.

This is actively being exploited through a campaign that includes website promotion programs massively used. The domains involved are:

backstripgirls .com
buscalisto .com download.hot-tv .com
download.live-player .com
download.official-emule .com
download.original-solitaire .com
download.speed-downloading .com
download.web-mediaplayer .com
favorit-network .com
games-attack .com
go-astro .com go-turf .com
gomusic .com
gomusic .net
hot-tv .com
littlesmileys .com
live-player .com
official-bittorrent .com
original-solitaire .com
pc-on-internet .com
schnellsucher .com
search-solver .com
speed-downloading .com
static.favorit-creatives .com
vl02.c76.fvtn .net
web-mediaplayer .com
www.buscalisto .com
www.favorit-network .com
www.games-attack .com
www.gomusic .com
www.hot-tv .com
www.live-player .com
www.official-bittorrent .com
www.official-emule .com
www.pc-on-internet .com
www.schnellsucher .com
www.search-solver .com
www.smilymail .com
www.speed-downloading .com
www.trovarapido .com
www.web-mediaplayer .com

Even a search through these sites is obtained with a good web positioning, perhaps through Black Hat SEO techniques.

This proves the "enthusiasm" that the creators and disseminators of malware placed in these criminal acts clearly seeking to mislead users when trying to attract attention to methods of propagandists promoting malware through fake sites.

Related Information
Campaign spreading XP Antivirus Police through Visual Social Engineering - Spanish version

# Jorge Mieres