Another bogus movie player site

As you can see below this site is designed to look like a “click to play” movie site … however in this case no movie is ever played. Instead after several redirects the visitor is prompted with the fake ActiveX prompt …

Notice how both images imitate a video player … folks don’t fall for these stupid tricks …

The download is detected as: Trojan-Downloader.Win32.Zlob.eks
Note the last entry in the result column is 502 indicates that entry is blocked by the HOSTS file
stvfirm(dot)com” = Inhoster Hosting via ESTDOMAINS/PrivacyProtect (no big surprise there!)

Update: (11-26)  – although the “stvfirm” entry was blocked, that entry was added after the last HOSTS file update.
Sorry for any confusion …

2 Responses to “Another bogus movie player site”

  1. i don’t see “” in the 11/19 winhelp2002 HOSTS file..

  2. redwolfe_98,
    You’re right … that entry was added after the last update, and I have ammended the blog post to reflect that.