Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    November 2014
    S M T W T F S
    « Oct    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Web Reputation Service Analysts




    Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals.

    Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social engineering. Transformers: Age of Extinction and Maleficent ranked second and third, respectively. Where are these supposed streaming sites advertised? Tumblr ranks first, followed by WordPress and Blogspot.

    Figure 1. Commonly used summer movie titles

    Figure 2. Sites used to advertise online streaming sites

    The US ranks first among the countries which accessed the movie-related URLs, followed by Australia and India.

    Figure 3. Countries which visited the streaming sites

    Suspicious Streaming Sites

    Users can encounter these streaming sites by using choice keywords on the mentioned sites. For example, we tried looking for a streaming site for the movie How to Train Your Dragon 2 on social media and came across a page on Facebook.

    Figure 4. Facebook page advertising the movie

    The Facebook page features a post that contains a shortened link to the streaming site. Clicking the Play button on the page redirects the user to yet another page.

    Figure 5. Redirected page

    The user is encouraged to download a specific video player in order to watch the movie. However, the installer/downloaded file has been detected as adware, specifically ADW_BRANTALL.

    Figure 6. “Video player” file being downloaded into the computer

    The Possible Adware-Malware Connection

    We found that this particular variant of ADW_BRANTALL can download unnecessary files, applications, and browser extensions into the system.

    Other ADW_BRANTALL variants are  known to push malware, specifically MEVADE/SEFNIT malware to computers. MEVADE malware is known for its click fraud and Bitcoin mining routines. A Trend Micro research paper, On the Actors Behind MEVADE/SEFNIT, speaks at length about this adware-malware connection. Note, however that this particular sample is not related to the ADW_BRANTALL that downloads MEVADE/SEFNIT as discussed in the said paper.

    While it might be tempting to watch the latest and upcoming movies for free, users should remember that so-called copies made available online are often fakes or scams. Worse, these could be malware in disguise. It’s best to ignore temptation and just watch movies at the cinema.

    Users need not to worry about such threats since Trend Micro Titanium™ Security protects systems from malicious links by highlighting these (URLS) thus preventing them (users) from clicking it  in social networking sites, instant messages, and email.

    As of posting, Trend Micro has informed Facebook about this incident and they already disabled accounts involved in these scams.

    With analysis from Sylvia Lascano and Maela Angeles

     
    Posted in Bad Sites, Malware | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice