Angelina and Zango cash

September 4th, 2009

I came across the following site today: angelinajmovies.cn

If you browse the site you immediately get a file:

which VirusTotal detects as:

If you refresh the page you now get this second file (sorry I used Firefox here, but you get the same result in IE):

which VirusTotal detects as:

And if you refresh the page angelinajmovies.cn for a third time you get:

Wait, let’s zoom in a little bit:

Yes, you see it right, Zango it is.

Dreamcatcher player, sorry DreamMediaPlayer or whatever.

The landing page reminds me so much of the fake codec pages. I bet they might even have used the same template.

Bad on all fronts!

Jerome Segura

Malware ID: 67e252ee84a6b5d0e2706ccc3e36a106.zip

Malware ID: bea4676cddd48770b56c54db8b07f370.zip

Malware ID: c115d8251fe12d92567e55cad1d379e9.zip

This entry was posted on Friday, September 4th, 2009 at 9:02 am and is filed under Exploits, Fake codecs. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Angelina and Zango cash

Comments: