Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Summer movies are highly anticipated by the moviegoers, because Hollywood traditionally releases its biggest blockbusters during this season. Fraudsters are relentless in creating fake streaming sites, not just on the screening date of these movies, but also before the release of movies in theaters.

    The next two charts show which movies are most popular with attackers, as well as where these fake sites are hosted.

    Commonly used summer movie titles-01
    Figure 1. Commonly used summer movie titles

    Popular hosts for fake streaming sites-01
    Figure 2. Popular hosts for fake streaming sites

    How do these scams work? Cybercriminals want to lead users to download video players or sign up for streaming sites via affiliate links. Alternately, they may want to lead users to more traditional survey scams.

    Figure 3. Fake streaming sites infection chain

    The attackers use various social media sites like Facebook, Google+, Youtube, LinkedIn, and many others to drive users to the fake streaming pages.  These are hosted on blogging services like Tumblr, WordPress, and Blogger.

    Most pages on these blogs have shortened URLs that lead to the final sites we talked about earlier. Because they used the services of URL shorteners, we were able to view the number of visits per selected movie. It appears that Man of Steel, Fast and the Furious 6 and Iron Man 3 got the highest number of viewers. This data is for a two-month period from late April up to the end of June.

    Total pageviews of fake streaming sites -01
    Figure 4. Total pageviews of fake streaming sites (per movie titles)

    To lure in users, attackers use key phrases like “watch movie title online”  or “download movie title free”. Using Blackhat Search Engine Optimization or BHSEO, users looking for the above pages are lured to visit the fake streaming sites. This is also known as one of the manipulation of search engine indexes in spamdexing.

    Many of the common keywords used are what you’d expect: “watch”, “online”, “free”, etcetera. One of the more surprising keywords is “putlocker”, which refers to a UK-based file locker. In terms of countries involved, while the United States accounts for more than two-thirds of the traffic to these sites, other countries were also represented.

    Users are advised to stream and subscribe to legitimate sites and not from these fake streaming sites. Be wary of sharing posts and clicking links that could propagate these scams. In addition, there might be no such thing as online streaming or movie download except for pirated copies, which in itself can be risky.

    Trend Micro Smart Protection Network already blocks the related URLs.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice