2GCash and Windows System Optimizator rogue from one fake codec scam
Today we came across this fake codec scam that delivered two pieces of malware to those unfortunate enough to stumble across it. The malicious site offers Megan Fox and Carmen Electra sex videos (among other things).
After installing a fake video viewer, it throws up fake Microsoft Security Essentials alerts and installs the Windows System Optimizator rogue.
# 1. 2GCash (VIPRE detection: VirTool.Win32.Obfuscator.hg!b1)
The 2GCash malware has been one of the major downloaders. It’s been used by thousands of affiliate sites since 2008. Its main purpose is to generate profits through click fraud transmissions from infected computers and search engine result hijackings.
VIPRE detects the 2GCash malware as VirTool.Win32.Obfuscator.hg!b1 (v). Kaspersky detects it as *.codecpack, Sophos as FakeAV-CX and Microsoft as Renos.
It spreads through online scanner scams, third-party bundled downloads, fake codec scam sites and fake crack serial sites.
The file video_part_##.exe is detected as Trojan.Win32.Generic.pak!cobra.
# 2. Windows System Optimizator rogue
Windows System Optimizator is a rogue that uses a fake Microsoft Security Essentials alert. VIPRE detects it as Trojan.Win32.Generic.pak!cobra.
It’s a rebranding of the Windows Optimization Center rogue.
2GCash
2GCash is the name we gave the detection when the group behind it began an affiliate program with a site named go-go-cash.com in December of 2008.
The page for affiliates was titled “Go Go Cash.”
Thanks to Patrick Jordan for the analysis.
Tom Kelchner