Fake codec targets Russian users
The domain sexvideorussia.com pushes a fake codec in the form of… a WSF file (Windows Script File).
The file datafeeder.swf contains obfuscated JavaScript:
If you run it, it will install a BHO (Browser Helper Object) tied to bpfeed.dll.
That BHO is going to inject ads into your webpages, as this VirusTotal screen cap shows:
Since everything appears to be written in Russian, I assume it is targeting the same population.
On that same IP (88.208.19.153) there are similar sites pushing the same malware:
redxporno.com
besplatnoexxx.com
The domains appear to be registered to:
andrey smiyan
Lepkalno 19
Vilnus, 232000
Latvia
But the IP is located in the Netherlands.
Jerome Segura
Malware ID: cea469492f8430cc060a33e0324a0869.zip
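To check a machine for the BHO described above, the following added example (not part of the original post) lists every registered Internet Explorer BHO, resolves the DLL behind it, and flags any entry backed by bpfeed.dll. It assumes a 64-bit PowerShell session with read access to the registry; the function name `Get-BhoInventory` is made up for this example.

```powershell
# Added example: inventory IE Browser Helper Objects and flag bpfeed.dll.
$targetDll = 'bpfeed.dll'   # DLL name taken from the post

# BHO CLSIDs are listed under HKLM; the DLL path lives under the CLSID's
# InprocServer32 key. Check both the native and the 32-bit (WOW6432Node) view.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = Join-Path (Join-Path $view.Clsid $clsid) 'InprocServer32'

            $dll = $null
            if (Test-Path -LiteralPath $inproc) {
                # The (Default) value of InprocServer32 holds the DLL path.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }

            [pscustomobject]@{
                Clsid       = $clsid
                Dll         = $dll
                # -like is case-insensitive; wildcards tolerate quoted paths.
                Suspect     = [bool]($dll -and ($dll -like "*$targetDll*"))
                RegistryKey = $key.Name
            }
        }
    }
}

# Suspect entries first; an entry with an empty Dll column is an orphaned
# registration and is worth a manual look as well.
Get-BhoInventory |
    Sort-Object -Property Suspect -Descending |
    Format-Table -AutoSize -Wrap
```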