Select Page

DollarRevenue, a fruitful source of malware, just keeps having fun with users.

First, we search for “sexy paris hilton” in Google, and get a hit — the first one.

Googlesearch_09000123

Then we click on the video picture to view it.

Hilton_9123181231

We get an install box. No EULA appears and to the casual surfer, it just seems like you’re installing the video. 

Hilton091231231237

The installer, sexybabesx(dot)com/parisspicyburger.exe (Virustotal) actually calls the loader file from promo.dollarrevenue(dot)com/bundle/loader.exe.  And your life, at that point, is no fun at all.  

You can see a movie, here.

Alex Eckelberry
(With copious acknowledgement to Patrick Jordan in our spyware research team)