Pirate episodes scam

TV series such as “The Simpsons” are hugely popular and have hundreds of thousands of fans around the world. Unlike “South Park” – another hugely popular series – not all of their episodes are freely available on the web, though. As a result, demand for such episodes is high and, as usually happens, scam tactics appear around them.
Here’s one such example that we have seen recently on the popular website Dailymotion:

When trying to watch the pirate episode, a message will appear on screen claiming that the content has been removed due to copyright issues, but luckily you can still watch it at a special URL posted in the description field.

These URLs are always shortened (or masked) with services such as, and clicking on them leads us to:

Once again, the content is not available immediately and to watch it one needs to access a special “offer”. Clicking on any of the offer links leads further to another page:

“IWON” (example file name: IWONSetup2.3.76.6.ZLman000.exe) is actually the infamous MyWebSearch Adware type of application, detected by most AV products, though not all. (KAV detects it as

Though this application is not directly malicious, you may want to stay away from it, since installing the app won’t bring Homer to your screen and in addition, as recently shown by my colleague Roel, online ads can indirectly infect your computer even when shown by brand programs.

Be safe!
