Another bogus movie player site

As you can see below, this site is designed to look like a "click to play" movie site ... however, in this case no movie is ever played. Instead, after several redirects, the visitor is presented with a fake ActiveX prompt ...

Notice how both images imitate a video player ... folks, don't fall for these stupid tricks ...

The download is detected as: Trojan-Downloader.Win32.Zlob.eks
Note that the last entry in the result column is 502, which indicates that the entry is blocked by the HOSTS file ...
"stvfirm(dot)com" = Inhoster Hosting via ESTDOMAINS/PrivacyProtect (no big surprise there!)

Update (11-26): Although the "stvfirm" entry was blocked, that entry was added after the last HOSTS file update.
Sorry for any confusion ...

Published Mon, Nov 26 2007 1:44 by winhelp2002

Comments

# re: Another bogus movie player site

Monday, November 26, 2007 6:05 PM by redwolfe_98

I don't see "www.stvfirm.com" in the 11/19 winhelp2002 HOSTS file..

# re: Another bogus movie player site

Monday, November 26, 2007 8:08 PM by winhelp2002

redwolfe_98,

You're right ... that entry was added after the last update, and I have amended the blog post to reflect that.