Hey Adam-

Unfortunately, the malicious site you blogged about still rates in the top seven google results for "Zoey Zane". It's kind of sad that we're suprised it doesn't use any client side exploit, just the social engineering tricks.

We're seeing the ASPack protected setup file download "inwm.data" from powermpeg.com, which just gets renamed to another .exe file and run to install sysdivx.dll. On this infected lab system, I'm watching all sorts of popups from IeDefender at 85.255.121.146 right now. The first was an IE google "sex" result popup that inserts an HTML "Google warning" into the google results.

Both of these files are showing spotty detection (four or five hits) on virustotal. We're also seeing only one scanner detecting the latest sysdivx.dll (IeDefender) file.

Bad situation, but nice post!


Kurt
Kurt | Homepage | 12.03.07 - 8:49 pm | #

I have seen the site.
The video ad looks fake, and the girl does not even look like Zoey Zane.
That should be a warning right there.
These types of sites can be bad for your computer, or they may be a lure for other things where the poster exploits someone or something in order to get you to click on the ad.

George Vreeland Hill
George Vreeland Hill | 12.07.07 - 2:30 pm | #

That totally sucks.... I got tricked and had the virus. It wasn't too hard to fix though.

I just found this compilation video of Zoey -- Its a new one, not the YouTube one and not one of the many damn virus files... Its hot and free!

http://www.timtube.com/video/317...life- story.html

The video was almost a little too crazy! It made me feel dirty

I also found this NSFW pic of Zoey on the same website:

http://www.timtube.com/picture/3...-zoey- zane.html

Warning: Not for the light hearted! lol
Ben Evans | 12.11.07 - 1:33 pm | #