Unsanitized repo of fake codecs

July 2nd, 2009

Sometimes spending the extra work hours pays off. Actually I kind of get into a groove after searching and things come easily… that is until my wife phones me up!

Anyway, I was investigating a site and checked its source code for anything of interest.

There was a strange link pointing to a gif file that I decided to follow.

It took me to this page, a nice little repository of malicious pages pushing fake video codecs:

oymoma-tube.freehostia.com

As you can see, some of the pages have just been updated today, while others are a little older.

Here are some examples of the pages hosted there. They also have redirect links to other malware sites.

Jerome Segura

And for our partners, I’ve uploaded to our FTP share some of the samples I could grab.

Malware ID: 0d23a0aa75658d81698c727261503628.zip

Malware ID: 6d3b3cd07df5db7f4512a503ace750ac.zip

Malware ID: da3f8fc504e1a640fbc0ae8da568dec7.zip

Malware ID: ee222a68e35225115a1dceac34026ab6.zip

This entry was posted on Thursday, July 2nd, 2009 at 4:44 pm and is filed under Fake codecs. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Unsanitized repo of fake codecs

Comments: