Beware of Ransomware

After reading a blog post by fellow Microsoft MVP "Donna's SecurityFlash" I thought I'd do a little follow-up ...

"The ransomware was included in adware “Uccplay.” Victims are led into thinking the adware is a multimedia player, but when they install it, the program copies all video files stored on the computer to a hidden folder and removes the original files. Victims have no choice but to open the ransomware to access their video files, which then opens up a “certification” box that actually links to mobile phone payment."

What I found was a lot more than "adware" from Uccplay ... which is a "Google.Warning" site ...

Just visiting this site is hazardous! ... as you can see it immediately attempts to install an ActiveX control, which is blocked by Windows Vista. However that's not all it tries to do ...

Look at all the ".cab" files this site tries to load! ... Yikes! ... I downloaded the "down.iedoumi(dot)com" cab file and scanned it at VirusTotal [results here] which is mainly detected as: Trojan-Downloader.Win32.Delf.bpn

FYI: "down.iedoumi(dot)com" is also a Google.Warning site ... gee I wonder why ... while the files from "microadsystem" are detected as: TR/Dldr.FakeAV.F.1 [results here]

Then "comclean.co(dot)kr" = Spyware.Comclean ... although the ".cab" file is only detected as suspicious at VirusTotal.
Seems a little ironic that the same page that tries to infect you also tries to load an (unknown) antivirus program too ...
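For anyone who wants to triage a saved copy of a page like this offline instead of loading it in a browser, here is a small script (added example, not part of the original post and not from any of the sites named above) that lists every ActiveX `<object>` codebase, `<embed>`, `<iframe>` or `<script>` reference ending in ".cab" and flags the ones served from a host other than the page itself. The sample HTML, the clsid values and the `.invalid` hostnames are all constructed for the example.

```python
"""List ActiveX / .cab loads from a saved HTML page (defensive triage).

Added example, not code from the original post. It parses <object>,
<embed>, <iframe> and <script> tags, keeps every reference whose path
ends in ".cab", and marks references served from a host other than the
page's own host as third-party loads.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class CabLoadParser(HTMLParser):
    """Collects ActiveX codebase and src references from an HTML document."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.loads = []  # dicts with keys: tag, classid, url

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "object":
            codebase = a.get("codebase")
            if codebase:
                self._record(tag, a.get("classid"), codebase)
        elif tag in ("embed", "iframe", "script"):
            src = a.get("src")
            if src:
                self._record(tag, None, src)

    def _record(self, tag, classid, url):
        # An ActiveX codebase often carries a "#version=..." suffix; drop it
        # before resolving relative URLs against the page URL.
        full = urljoin(self.page_url, url.split("#", 1)[0])
        self.loads.append({"tag": tag, "classid": classid, "url": full})


def find_cab_loads(html, page_url):
    """Return the .cab references found in html, annotated with host and
    a third_party flag (True when the host differs from the page host)."""
    parser = CabLoadParser(page_url)
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    results = []
    for item in parser.loads:
        parsed = urlparse(item["url"])
        if not parsed.path.lower().endswith(".cab"):
            continue
        host = parsed.hostname
        results.append({**item, "host": host, "third_party": host != page_host})
    return results


# Constructed sample page (hostnames and clsid values are placeholders),
# modelled loosely on the behaviour described in the post above.
SAMPLE_HTML = """
<html><body>
<object classid="clsid:00000000-0000-0000-0000-000000000001"
        codebase="http://down.downloader-a.invalid/Setup.cab#version=1,0,0,1"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000002"
        codebase="/local/player.cab"></object>
<embed src="http://ads.adsystem-b.invalid/ad.cab">
<script src="http://www.example.invalid/site.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for r in find_cab_loads(SAMPLE_HTML, "http://www.example.invalid/index.html"):
        flag = "THIRD-PARTY" if r["third_party"] else "same-host"
        print(f"{flag:12} {r['tag']:6} {r['url']}  classid={r['classid']}")
```

Run it against the HTML you saved (for example with `open("page.html").read()` in place of `SAMPLE_HTML`) and the third-party entries are the ones worth submitting to VirusTotal, exactly as the post did by hand; only the standard library is used, so nothing is fetched from the network.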

Published Fri, Dec 14 2007 6:37 by winhelp2002