Disney has some explaining to do
Following up on a tip from the Castlecops MIRT Team (Malware Incident Reporting and Termination) about a new entry for mcboo(dot)com. As you can see below, this new entry is definitely a nasty.
Now what I find disturbing is that I decided to "Google" and see if there were any other new entries that I should add to the HOSTS file. Well, I find the following:
Which redirects to go.com (operated by Disney) ... so I checked the DNS of that entry and find it is actually "disney.com" ... huh? What in the world is Disney doing associating with the MatCash Family of Trojans?
"Win32/Matcash is a family of multi-component trojans that can be used to download and execute arbitrary files."
McAfee detects another mcboo entry as Downloader-BCF. The question I have is who is "affID=27"?
Is Disney affiliate #27 to the MatCash Trojan Family? ... Oh Disney what were you thinking?
184.108.40.206 = Disney Worldwide Services
While still researching the malicious "mcboo(dot)com" entries I find this ... look familiar? Yeah, we've seen this malicious trick many, many times before (Missing Video Codec) ...
And just who is involved in this latest Trojan.Codec scam? ... you guessed it, "mcboo(dot)com" ...
So just what relationship does Disney (go.com) have with these *** peddlers, because "waverevenue(dot)com" is a hard-core porn site ... Oh Disney what were you thinking?