Beware of fake PornTube sites

Seems the malware creeps are playing on the popularity of "PornTube" an adult type version of YouTube ...

Notice the title of the page ... and there are quite a few using the same title. Which is also a "Google.Warning" site ...

Yikes! ... accessing this site you not only get a typical (bogus) "you need to download ..." prompt, but you get whacked in the background from an embedded page with "VBS/TrojanDownloader.Psyme.Gen trojan".

"3xmaster" is hosted at Upl Telecom S.r.o via ESTDOMAINS/PrivacyProtect. The Trojan.Codec download is from "avsmanufacture(dot)com" which is already included in the HOSTS file.

"avsmanufacture" is hosted at Ukrtelegroup Ltd via ESTDOMAINS/PrivacyProtect
85.255.114.186 = Ukrtelegroup Ltd ... I would suggest adding that IP address to the "Restricted Zone"

Published Fri, Jan 11 2008 9:43 by winhelp2002

Comments

# re: Beware of fake PornTube sites

Sunday, January 13, 2008 6:03 AM by mac12255

PrivacyProtect?  You just need to learn how to have it opened.  For example, there is privacy protection on boomgirltv.com's registration right at the moment.  And I will have it opened within several hours.

Tom Bluewater

MHVT.NET

# re: Beware of fake PornTube sites

Wednesday, January 16, 2008 7:57 PM by Me

Help!

What should I do?

I downloaded the 'codec' and ran it.

silly me...