DollarRevenue, a fruitful source of malware, just keeps having fun with users.
First, we search for “sexy paris hilton” in Google, and get a hit — the first one.
Then we click on the video picture to view it.
We get an install box. No EULA appears and to the casual surfer, it just seems like you’re installing the video.
The installer, sexybabesx(dot)com/parisspicyburger.exe (Virustotal) actually calls the loader file from promo.dollarrevenue(dot)com/bundle/loader.exe. And your life, at that point, is no fun at all.
You can see a movie, here.
Alex Eckelberry
(With copious acknowledgement to Patrick Jordan in our spyware research team)