Following up on a tip from the Castlecops MIRT Team (Malware Incident Reporting and Termination) about a new entry for mcboo(dot)com. As you can see below, this new entry is definitely a nasty.
Now what I find disturbing is that I decided to “Google” and see if there were any other new entries that I should add to the HOSTS file. Well, I find the following:
Which redirects to go.com (operated by Disney) … so I checked the DNS of that entry and find it is actually “disney.com” … huh? What in the world is Disney doing associating with the MatCash Family of Trojans?
“Win32/Matcash is a family of multi-component trojans that can be used to download and execute arbitrary files.”
McAfee detects another mcboo entry as Downloader-BCF. The question I have is who is “affID=27”?
Is Disney affiliate #27 to the MatCash Trojan Family? … Oh Disney what were you thinking?
184.108.40.206 = Disney Worldwide Services
While still researching the malicious “mcboo(dot)com” entries I find this … look familiar? Yeah, we’ve seen this malicious trick many, many times before (Missing Video Codec) …
And just who is involved in this latest Trojan.Codec scam? … you guessed it, “mcboo(dot)com” …
So just what relationship does Disney (go.com) have with these smut peddlers, because “waverevenue(dot)com” is a hard-core porn site … Oh Disney what were you thinking?