Chinese Website Promises Fresh Movies, But Actually Installs Malware
According to the security company Webroot, a recently registered movie website hosted in China gives visitors much more than the recent pirated movies it advertises: it also loads an Apache Web server onto the visitor's machine. Webroot warns that the site plants about six downloader and keylogger malware components, each posing as part of legitimate software.
Webroot, along with several other anti-virus firms, calls this malicious software "Taobatuo."
The software, together with text files carrying instructions for the program, was served from taobao.lylwc.com. Despite the name, this is not the well-known Taobao.com, a high-traffic Chinese shopping portal.
The lylwc.com domain itself is thoroughly malicious. It offers free Hollywood films for download alongside a large archive of TV shows and movies, but when visitors try to watch those films, the website installs a Trojan installer disguised as QVOD, a media player popular in China.
Researchers say files have been served from the lylwc.com domain since August 2010, and that these files have been spreading across the Web to infect PCs in China and elsewhere since March 2010.
The infection begins when a user runs any of the several malware installers, which can also be delivered through a drive-by attack. The installer files carry .txt extensions but are in fact either self-extracting RAR archives or NSIS installers; a free utility named Universal Extractor takes either kind apart easily.
Webroot Threat Analyst Andrew Brandt said all of this convinced him that the malware developers regard themselves as untraceable, or as beyond the reach of law enforcement. Given that the operation had continued for almost 12 months, Brandt contended, they were probably right, or simply arrogant. Info Security published this on December 6, 2010.
Brandt added that any user who suddenly finds Apache's httpd.exe service running on a system where it was never installed, and which has never been used as a Web server, would be well advised to scan that system immediately.
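The installers described above arrive with a .txt extension but are really Windows executables (self-extracting RAR stubs or NSIS installers). The following added example, which is not from the article or from Webroot, is a defender's check that flags files whose extension claims plain text while their leading bytes are a PE header, optionally with an embedded RAR or NSIS marker. The magic numbers are standard; the NSIS marker check is a heuristic and is an assumption.

```python
"""Flag files whose extension says plain text but whose bytes say executable."""
from pathlib import Path
from typing import Iterable

PE_MAGIC = b"MZ"                        # DOS/PE executable header
RAR_MAGICS = (b"Rar!\x1a\x07\x00",      # RAR 4.x archive signature
              b"Rar!\x1a\x07\x01\x00")  # RAR 5.x archive signature
NSIS_MARKER = b"NullsoftInst"           # marker found in NSIS installer headers (heuristic)
TEXT_EXTENSIONS = {".txt"}


def classify(data: bytes, probe: int = 1 << 20) -> str:
    """Return 'pe-nsis', 'pe-rar-sfx', 'pe', 'rar' or 'text' for a file's bytes.

    Only the first `probe` bytes are inspected, which is enough to catch the
    SFX stub plus the start of the embedded archive.
    """
    head = data[:probe]
    if head.startswith(PE_MAGIC):
        if NSIS_MARKER in head:
            return "pe-nsis"
        if any(m in head for m in RAR_MAGICS):
            return "pe-rar-sfx"         # PE stub carrying an embedded RAR archive
        return "pe"
    if any(head.startswith(m) for m in RAR_MAGICS):
        return "rar"                    # bare archive, not self-extracting
    return "text"


def is_disguised(name: str, data: bytes) -> bool:
    """True when the extension claims text but the content is executable or an archive."""
    return Path(name).suffix.lower() in TEXT_EXTENSIONS and classify(data) != "text"


def scan(paths: Iterable[Path]) -> list[tuple[str, str]]:
    """Return (path, kind) for every disguised file among the given paths."""
    hits = []
    for p in paths:
        if not p.is_file():
            continue
        data = p.read_bytes()
        if is_disguised(p.name, data):
            hits.append((str(p), classify(data)))
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python check_txt.py <directory>  (walks the tree and prints hits)
    for path, kind in scan(Path(sys.argv[1]).rglob("*")):
        print(f"{kind:12s} {path}")
```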
» SPAMfighter News - 17-12-2010