Antonella Barba used to deliver malware
American Idol singer Antonella Barba’s name (and more!) is being used in malware campaigns.
I found at least two different websites registered using her name that are pushing malware.
The page is pretty straightforward… with the alleged video being the center of attention:
If you click on the video, it will redirect you to a page that tries to load streamviewer.40009.exe.
The file is hosted on yet another domain, created on June 11, so still very recent.
A Robtex analysis reveals some interesting connections:
You can see the domain names for scareware programs:
The malware file is not very well detected:
A clue to what it might be doing as a payload is revealed by this Fiddler analysis:
It looks like some click fraud using ad banners:
Every now and again, amongst the redirections and pop-ups, you will see it trying to push rogueware:
Once again, this is a reminder of how celebrities are used in malware attacks. Their private lives interest people, which makes them a prime target for hackers.
Warning: all links are live and can infect your PC.
Jerome Segura