While users are trooping to the cinemas to watch Iron Man 3, some may scour the Internet for bootleg copies or free movie streaming. Unfortunately, this gives the bad guys an opportunity to serve users with their dubious schemes.
We conducted a simple Google query and found more than a hundred websites claiming that they provide movie streaming of Iron Man 3. (The movie has already opened in some countries but not the United States, making these claims more credible at first glance.) These supposed streaming sites use popular blog providers, with half of these sites using Tumblr.
Figure 1. Half of the fake Iron Man 3 sites we found use Tumblr
Once visited, these sites would ask users to download a video installer file. Based on our analysis, we found that this file was what it said it was – a legitimate video player. This particular video player has been known to display aggressive ads in the past, although we did not see that behavior this time. In addition, the player could be used to download and view pornographic materials.
However, it’s still possible that these legitimate files would be replaced with malware at a later time. Thus, it won’t be a complete surprise if we find a malware-hosting webpage disguised as an Iron Man 3 streaming or downloading page anytime soon.
Unsurprisingly, some bad guys have also used Facebook to spread links advertised as providers of free Iron Man 3 movie streaming. Users may encounter these as feeds on their Facebook page, together with a link to the said site. But once users click the link, they are redirected to several web pages until lead to another survey scam, not to mention spamming their Facebook contact with the same post. Other similar ruses we documented in the past include the “Facebook Profile Viewer” and the survey scam under the veil of the much talked-about Google Glass competition.
Figure 2. Screenshot of page leading to survey scam
Needless to say, these sites do not lead to the actual Iron Man 3 movie. Some of these sites, however, may ask users to register and ask for their credit card number, which is highly suspicious.
High-profile summer flicks like Iron Man 3 are typical cybercrime baits because they have been effective in tricking users into visiting shady websites, including those the host malware and dabble in survey scams. Because of the clever use of social engineering tactics, users may end up falling into the bad guys’ traps. Thus, it is important to be aware of how social engineering works and be conscious with what you click and share on your Facebook and other social media accounts. Trend Micro blocks the related sites and domains related to this threat.
We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.
With insights from Fraud analyst Paul Pajares.