Beware of fake PornTube sites
Seems the malware creeps are playing on the popularity of “PornTube” an adult type version of YouTube …
Notice the title of the page … and there are quite a few using the same title. Which is also a “Google.Warning” site …
Yikes! … accessing this site you not only get a typical (bogus) “you need to download …” prompt, but you get whacked in the background from an embedded page with “VBS/TrojanDownloader.Psyme.Gen trojan“.
“3xmaster” is hosted at Upl Telecom S.r.o via ESTDOMAINS/PrivacyProtect. The Trojan.Codec download is from “avsmanufacture(dot)com” which is already included in the HOSTS file.
“avsmanufacture” is hosted at Ukrtelegroup Ltd via ESTDOMAINS/PrivacyProtect
85.255.114.186 = Ukrtelegroup Ltd … I would suggest adding that IP address to the “Restricted Zone“
2 Comments »
Filed under: Uncategorized
January 13th, 2008 at 6:03 am
PrivacyProtect? You just need to learn how to have it opened. For example, there is privacy protection on boomgirltv.com’s registration right at the moment. And I will have it opened within several hours.
Tom Bluewater
MHVT.NET
January 16th, 2008 at 7:57 pm
Help!
What should I do?
I downloaded the ‘codec’ and ran it.
silly me…