There has been a boom in malicious spam, web sites and Twitter posts advertising a “peep hole” video of ESPN reporter Erin Andrews undressing in a hotel room.
Researchers at Sunbelt Software have detected that the Trojan installers used in the scam are generating a large number of polymorphic variants. The installers change with sites each day and number around 10,000 unique hashes.
VIPRE detects one as Trojan.NSIS.DnsChanger (v). Detections for a second, Trojan-Downloader.Win32.CodecPack.2GCash.Gen, will be pushed out shortly.
At one point on Tuesday, July 21, the number-one hit in a Google search for “Erin Andrews” was just two clicks away from a site with a downloader.
Needless to say, don’t get curious about the video. A rogue anti-malware product and a key logger are among the things that are downloaded.