Another bogus movie player site
Posted on November 26th, 2007 by hostsnews
As you can see below this site is designed to look like a “click to play” movie site … however in this case no movie is ever played. Instead after several redirects the visitor is prompted with the fake ActiveX prompt …
Notice how both images imitate a video player … folks don’t fall for these stupid tricks …
The download is detected as: Trojan-Downloader.Win32.Zlob.eks
Note the last entry in the result column is 502 indicates that entry is blocked by the HOSTS file …
“stvfirm(dot)com” = Inhoster Hosting via ESTDOMAINS/PrivacyProtect (no big surprise there!)
Update: (11-26) – although the “stvfirm” entry was blocked, that entry was added after the last HOSTS file update.
Sorry for any confusion …
2 Comments »
Filed under: Uncategorized
November 26th, 2007 at 6:05 pm
i don’t see “www.stvfirm.com” in the 11/19 winhelp2002 HOSTS file..
November 26th, 2007 at 8:08 pm
redwolfe_98,
You’re right … that entry was added after the last update, and I have ammended the blog post to reflect that.