Sabtu, 16 Maret 2013

Who is behind the spread of pornographic video Rihanna and Kim Kardashian?

Google Plus and Youtube also be a means of distributing malware

There's no sugar ant, sugar-sugar this time is the social media, especially Facebook users who thought offered "sugars" porn video Rihanna and Kim Kardashian, the opposite in fact they are a confectionery aka malware victims. Recent developments are being monitored Vaksincom shows that in addition to Facebook, the criminals also began utilizing Google +, Youtube and combined with URL Shortener to disguise the original addresses and websites spreading malware enhanced with the exploitation of the popular program "AVS Media Player.exe" fake designed in such a way to deceive his victim in order to download and run a file that was clearly dangerous. 

Then how he lure his victims to run the file? One way that is proven to be effective is social engineering exploit public figure especially sweets celebrities and not far teaser video sex vulgar. Some celebrity names that could be used is Kim Kardashian and Rihanna (see figure 1)

Figure 1, post teaser video sex confectionery Rihanna on Facebook 

that in 3 X 24 hours of its appearance immediately eradicated by Facebook administrators from around the wall and the victim when the article is gone without a trace :). But the thing to watch out for is the criminals are now looking for another celebrity names where although the method used is an old song but still ridiculous casualties. In addition to the victim because of his curiosity, one of the other reasons is an application used "AVS Media Player.exe" which turned out to be false until the time this article is not well detected by the majority of antivirus programs.

Utilizing Google +, and YouTube URL Shortener
In addition to utilizing social media platforms Facebook a billion people, the malware authors are also beginning to utilize Google + (see figure 2)

Figure 2, Network Google Plus began targeted to spread malware

and You tube in carrying out his evil actions. Remarkably, the use of social media can be done independently and staying integrated with one another where where even post installation inducement leading to malware installation site on Facebook has been shut down by Facebook administrators, but posting on Google Plus or other social media accounts remain active, including in Youtube site used to spread malware original link (see Figure 3).

Figure 3, the addition to Google +, malware authors also use the account on Youtube to spread malware infection link.

The actual video file uploaded to Youtube video file is not sex that was promised and only a means of advertising to inform the actual URL address at hdmoviesp ** Because the master URL is still active, just change the theme of crime and social engineering is a means of distributing malware, and with the help of URL Shortener (URL shortener) the victim will not be able to see where the actual address of the destination and the emergence of another version of the video codec directing victims to download malware a matter of time so that the users of social media and internet bids must be alert to the installation of additional codecs or unknown program that is able to fool the detection of 90% of antivirus products.

If the address is clicked, it will bring the victim to malware spreading sites that are well prepared hdmoviesp ** promising myriad victims to be able to download movies in HD quality, which previously required to download a codec (an unnecessary and instead dangerous because it contains adware) with the name "AVS_Media_Player.exe". (See figure 4)

Figure 4, If you are interested in downloading movies promised, you should download the codex with the name "AVS_Media_Player.exe"

According watchlist Vaksincom, AVS Media Player is actually an output of Online Media Technologies program size 82 MB and is working to open a file AVI, MPEG, WMV, MP4, DVR-MS, MKV, FLV, OGG and others and can obtained from Cnet, Softpedia and is a harmless application with the file name "AVSMediaPlayer.exe" and can be downloaded from But the file "AVS_Media_Player.exe" offered by the site hddmoviesp ** sized at only 258 KB and does a lot of evil. Amazingly this malware application until the time this article is still not well detected by antivirus programs (according to testing done on Virus Total and was only detected by less than 10% of the antivirus programs. (See figure 5)

Figure 5, this malware is only detected by less than 10% of the antivirus program that is scanned by the virus Total on March 3, 2013.

Norman Virus Control detects this malware as WinPE / Solimba.EDRK (see figure 6)

Figure 6, Norman Virus Control detects this malware as WinPE / Solimba.EDRK

As for the possibility of other names used by this malware are:

  1. AVS Media Player.exe
  2. codecupdatechange.exe
  3. AVSMediaPlayer.exe
  4. AVS% 20Media% 20Player.exe
  5. AVS% 20MediaPlayer.exe
  6. AVS_Media_Player.exe
  7. AVSMediaPlayer.exe
  8. AVS

The Solimba itself is adware application that will seek you install third party apps that will try to run the file from the network. The latest development is worrying it will collect data from victim computers. He is capable of running on OS Windows 2000 to Windows 7.

Source :, translate by Yohanes Gitoyo.

Tidak ada komentar:

Posting Komentar