Disney has some explaining to do

Following up on a tip from the Castlecops MIRT Team (Malware Incident Reporting and Termination) about a new entry for mcboo(dot)com. As you can see below, this new entry is definitely a nasty.



Now what I find disturbing is that I decided to “Google” and see if there were any other new entries that I should add to the HOSTS file. Well, I find the following:


hxxp://j10.wrs.mcboo.com/retadpu.exe?affID=27


 


Which redirects to go.com (operated by Disney) … so I checked the DNS of that entry and find it is actually “disney.com” … huh? What in the world is Disney doing associating with the MatCash Family of Trojans?


“Win32/Matcash is a family of multi-component trojans that can be used to download and execute arbitrary files.”



McAfee detects another mcboo entry as Downloader-BCF. The question I have is who is “affID=27”?
Is Disney affiliate #27 to the MatCash Trojan Family? … Oh Disney what were you thinking?
199.181.132.250 = Disney Worldwide Services


While still researching the malicious “mcboo(dot)com” entries I find this … look familiar? Yeah, we’ve seen this malicious trick many, many times before (Missing Video Codec) …



And just who is involved in this latest Trojan.Codec scam? … you guessed it, “mcboo(dot)com” …



So just what relationship does Disney (go.com) have with these smut peddlers, because “waverevenue(dot)com” is a hard-core porn site … Oh Disney what were you thinking?


