Here’s a site located at buburuzka(dot)com/xhupt/71093(dot)php offering up some fake Flash. Humorously, they don’t seem to have taken much notice of the latest Flash Player version – compare and contrast:
As you can see, a bit of a difference there. Of course, they’re hoping the victims they attract to a scam like this won’t pay much attention to what they’re clicking on, never mind confirm that the Flash numbering offered matches up with reality.
We detect this as VirTool.Win32.Obfuscator.hg!b1 (v), another 2GCash clickfraud Trojan, and the VirusTotal score is currently at 5/43.
Christopher Boyd (Thanks to Patrick Jordan for finding this one)