Saturday, June 6, 2009

Pornography. Good excuse for spreading malware

Sites that offer pornography tend to have many visitors, perhaps much more than the fancy, and it's not a new trend or a fad today. It's no coincidence, because the pornographic material is the most wanted online, even historically speaking.

Accordingly, it's logical to think that "porn" is used as an attack vector to infect the computers of those who tend to frequent many of us, for research of course :D

Specifically, the research that curiosity led me to find a site that is a testament to the museum to describe malicious maneuver to use social engineering with a high component of deception to capture the attention of those Internet users who "surf" with the night the cloud, looking for a visual delight :D

In this case, under the slogan "Nude Celebrities on Video" We are a site that offers viewing of videos about celebrities, and the persons chosen Britnet Spears, Rihanna, Charlotte Gainsbourg, Emma Watson, Mischa Barton, Aisleyne Horgan, Kate Moss, Scarlett Johansson, LIndsay Lohan, Penelope Cruz, Singer Amy Winehouse, Louise Redknapp, Miley Cyrus, Sophie Howard, Emily Procter, Jessica Simpson and the classic Pamela Anderson ;D

When the person you want to see any of the cases videos click on them, a small window is displayed warning of the need to install a codec, offering the same download.

At this point, if the user agrees, is the downloading of a malware, also known as pornware in its direct connection to the pornographic.

This is a binary called softwarefortubeview.40056.exe (MD5: ce845a1e32ecc07ee0d58bc6ea55fe9c) that is downloaded from the address http://streaming-united. com ( is hosted in Ukraine, whose detection rate is very low. Only detected by antivirus engines 6 out of 40.

Given the vector used for the propagation, the most visual component of social engineering and the low detection rate, we can assume that the degree of effectiveness with which it can count the threat is high. This requires great care when visiting :-) for research websites with such content.

Related Information
Ingeniería Social visual y el empleo de pornografía como vector de propagación e infección II
Ingeniería Social visual y el empleo de pornografía como vector de propagación e infección
Estrategia de infección agresiva de XP Police Antivirus
Google Grupos nuevamente utilizado para diseminar porno spam
Ingeniería Social visual para la propagación de malware

# Jorge Mieres

No comments: