Pirate episodes scam

TV Series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. Unlike “Southpark” – another hugely popular series – not all of them are freely available on the web though. As such, there is a high demand on the web for such episodes and as usually happens, scam tactics appear around them.
Here’s one such example that we have seen recently on the popular website Dailymotion:

When trying to watch the pirate episode, a message will appear on screen claiming that the content has been removed due to copyright issues, but luckily you can still watch it at a special URL posted in the description field.

These URLs are always shortened (or masked) with services such as, and clicking on them leads us to:

Once again, the content is not available immediately and to watch it one needs to access a special “offer”. Clicking on any of the offer links leads further to another page:

“IWON” (example file name: IWONSetup2.3.76.6.ZLman000.exe) is actually the infamous MyWebSearch Adware type of application, detected by most AV products, though not all. (KAV detects it as

Though this application is not directly malicious, you may want to stay away from it, since installing the app won’t bring Homer to your screen and in addition, as recently shown by my colleague Roel, online ads can indirectly infect your computer even when shown by brand programs.

Be safe!

Pirate episodes scam

Your email address will not be published.



The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox