Wednesday, March 05, 2008

Zlob brings back fake MP3s!

Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here). Afterwards, we started to see more and more fake video codecs and less of free MP3s. Well, now they are back! Some of the fake MP3 pushing domains are:

Here are some screenshots showing fake MP3 listings and download screens:

As of now, detections for the malware being pushed by these sites are very poor. Here’s a VirusTotal scan result for one of the downloaded files. This file had double extension to spoof an innocuous PC user.
File Sound.mp3.exe:
CAT-QuickHeal - (Suspicious) - DNAScan
eSafe - Suspicious File
F-Secure - Tibs.gen200
Norman - Tibs.gen200
Sunbelt - VIPRE.Suspicious

Please do NOT visit any of the sites mentioned above!!!!


Blogger Rafal said...

I'm sure you're aware of this by now, but I thought I'd post it as a comment anyway - these 'fake' MP3s are also being distributed via the LimeWire network. They're being packaged as a part of innocent-looking search result - but they are likely hidden among innocuous results. I occasionally do LimeWire searches of various media to look for malware - and managed to find a larger than normal trasure trove of crap-ware lately... perhaps some more research is needed here?

5:39 AM  

Post a Comment

<< Home