
Wanna Watch Videos? Watch out, it’s a worm!

Tuesday, December 12, 2006 at 9:55am by Bhaskar Krishna

As we know, many websites offer free celebrity videos, and their main viewers are youngsters.

Here we have a webpage, “www(dot)leaked[REMOVED]videos(dot)com”, which judging by its title appears to have a large collection of celebrity videos. The user visits the site, follows the instructions, and ends up installing a worm instead of watching celebrity videos.

The webpage displays “Windows Media Player cannot play video file. Click here to download missing Video ActiveX Object” attempting to get the user to install “missing plugins” for Media Player as shown below:

If the user clicks the (Click Here) hyperlink in the browser, they end up downloading a program called mpg2-3.0.1.exe, as shown below:

Upon execution, mpg2-3.0.1.exe displays the fake error message box shown below and installs a worm called Nugache.

We caution all internet users against the fake online video sites they may come across while surfing the web, and we continue to protect our customers against such social engineering attacks.
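A defender-side check for the lure described above, as an added example that is not part of the original post: it flags a page that pairs a playback-error or missing-component prompt with a link to an executable, so it does not depend on a file signature. The phrase patterns, extension list, verdict names and sample HTML are assumptions constructed for illustration; only the file name mpg2-3.0.1.exe comes from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lure wording, modelled on the prompt quoted in the article.
LURE = re.compile(r"cannot play|missing\s+(video\s+)?(activex|codec|plug-?in)"
                  r"|download\s+missing", re.I)
EXECUTABLE = (".exe", ".scr", ".msi", ".pif", ".bat")
# Constructed sample pages; only the file name comes from the article.
LURE_HTML = """<p>Windows Media Player cannot play video file.
<a href="/get/mpg2-3.0.1.exe">Click here</a> to download missing Video
ActiveX Object</p>"""
BENIGN_HTML = """<script>var m = "missing codec";</script><p>Release notes</p>
<a href="/docs/setup.html?file=a.exe">Read</a>"""


class LurePage(HTMLParser):
    """Collects visible text and links that point at executable files."""
    def __init__(self):
        super().__init__()
        self.chunks, self.exe_links, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        href = dict(attrs).get("href") if tag == "a" else None
        # Judge by the URL path only, so "?file=a.exe" on a page is ignored.
        if href and urlparse(href).path.lower().endswith(EXECUTABLE):
            self.exe_links.append(href)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def assess(html):
    """Return (verdict, evidence); 'block' needs lure text AND an exe link."""
    page = LurePage()
    page.feed(html)
    page.close()
    phrases = [m.group(0).lower() for m in LURE.finditer(" ".join(page.chunks))]
    if phrases and page.exe_links:
        return "block", {"phrases": phrases, "links": page.exe_links}
    return ("review" if page.exe_links else "allow"), {
        "phrases": phrases, "links": page.exe_links}
```

Calling `assess(LURE_HTML)` returns the verdict together with the matched phrases and links, so an analyst can see why a page was flagged.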


Comments (14)

  • Applebees February 28, 2009 3:15AM

    I must say that you provide genuine, quality information. Thanks for this!

    BTW, don’t you think your blog needs a better wordpress template?

  • Greg Newmark February 18, 2009 8:36AM

    Hi, I can’t understand how to add your site in my rss reader. Can you Help me, please :)

  • Jack Daniel February 14, 2008 6:33AM

    I found this info very useful, but unfortunately after getting my pc infected with one of the worms downloaded to my pc in same fashion….installing so called missing codec from xtube.com

  • ami December 29, 2007 12:12AM

    I was about to download it. Then thought something suspicious. So I searched it and got some information regarding it from labs.com. Thanks for cautioning me.

  • d4rkr1d3r December 12, 2007 1:15PM

    Hmm.. Seems it’s more than just the ‘Zlob’ trojan that is being advertised through “codecs”. This is the first IRC (Internet Relay Chat) bot I have seen infecting users with this particular form of social engineering.

  • telz21 December 4, 2007 10:54AM

    r the tip about fake videos but how can i get the copy of active video object so i can watch film etc cos i don’t know what i’m looking for and what would help to run my /film cds if i don’t get the right item i would be grateful for your help and where could i get the free download from?

  • Don October 29, 2007 6:00AM

    As it puts you in a loop, how do you get the boxes off the screen without going to control, alt, delete?

  • lovely September 26, 2007 10:59AM

    […] Be careful when watching online videos, especially when they ask you to install a certain code to watch the video. By default, your media player should already have the necessary codes installed to watch online videos. In case you’re prompted to install an additional code while trying to watch a movie online, it may be a false alert and this so called code may install malware

  • mehdi September 14, 2007 6:05AM

    Thanks for your attentions to tell the truth

  • nonotjavier March 8, 2007 12:38AM

    Almost clicked on it cause I really wanted to see the videos and it seemed legit, but screen looked exactly as described and signature website doesn’t exist, or has restricted access, so I had to type in parts of the message to finally pull up this info on the high risk. Thank you for the safety net.

  • spook February 6, 2007 1:05PM

    Extremely good advice. You offer a valuable service w/this security research site. Please keep up the good work.

  • CALVIN December 13, 2006 10:31AM

    Recently, my favorite forum has also been spammed with a similar site, where the spammers tried to post those messages in the forum.

    Interestingly, they posted Britney Spears nude photos and provided a link to watch the video, which in fact is a malicious file that infects the user’s machine.

    Users should practice some security measures in order to combat those social engineering attacks nowadays.

    I’m worried that a similar trick will continue to exist and will be applied by cell phone malware creators to trick users into downloading the malicious application onto their phones. Like last time, they created a theme with a celebrity nude photo and the innocent user is aware that it contains malicious components inside which will carry out malicious acts. We call it a DoomBoot variant.

    Users are advised to get rid of those suspicious files.

  • Ramesh December 12, 2006 9:39PM

    This is a very helpful article,
    We always assumed that it was installing a video codec, but in the background it was installing a worm.
    Thanks for your article.

  • mechBgon December 12, 2006 11:02AM

    SiteAdvisor users should pay attention to the user comments at any websites that seem to offer something for free, whether it’s videos, screensavers, smilies, wallpaper, etc. SiteAdvisor is a free download from McAfee:

    http://www.siteadvisor.com

    From studying these types of sites, I’ve found that the bad guys repack their malware very, very frequently (sometimes several times a day) to evade direct signature detection by antivirus vendors. So DO NOT assume that a lack of a virus alert from your antivirus software means that the download is safe.