As I was investigating some fake codec sites, late on a Friday night, I stumbled upon this one:
The malware is hosted on downloadxxtube.com. Interestingly enough, the page is totally open for the curious like me. You can see an “exe” folder where that file is hosted, but the thing that first caught my attention was those BMW pics…
Is that what online criminals dream of?
Don’t get me wrong, I think BMWs are splendid cars and if I had the budget I would be more than tempted!
The domain registration info is below. Created mid-July.
File detection on VirusTotal:
There is another domain hosting the same payload on that IP (78.159.98.70): showmeall-tube-xx.com
Ah… a sports car. Maybe some day…
Jerome Segura