Referrer spam ends up in malware – stars-vs-stars. com

Beware of referrer spam in your weblogs.

At the moment stars-vs-stars. com (hosted on Ecatel, btw) redirects to http:||olympionik.limewebs. com/xplaymovie.html,
which in turn redirects to various malware/domains at 69.10.38.27 (trouble-free.net – Michael Lavrik), an infamous IP for hosting malware.
During the last two days, the following domain names have been used:
greatmultimediaservices. com, multimediautilites. com, digitalbluemultimedia. com.
digitalbluemultimedia. com is the active one as I write this.

Detection at virustotal.com is poor: only 4-8 vendors recognize the malware.
It seems it is being constantly changed.

A screenshot from http:||olympionik.limewebs. com/xplaymovie.html :

Screenshot from olympionik.limewebs.com

If you click on that one, a file named “video-plugin.[varies].exe” will be downloaded.
As mentioned, not many AV vendors recognize those at this moment.
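
To check your own weblogs for the referrer named above, here is an added example (not part of the original post) that counts requests per client IP whose Referer host is that domain or a subdomain of it. It assumes the Apache/nginx "combined" log format; the sample log lines and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Referrer domain named in the post, kept in the post's defanged notation.
DEFANGED_REFERRERS = ["stars-vs-stars. com"]

# Assumed log layout: Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def refang(domain):
    """Turn 'stars-vs-stars. com' back into a comparable hostname."""
    return domain.replace(" ", "").lower()

def referer_host(referer):
    """Hostname of a Referer value, or None if absent or unparsable."""
    if not referer or referer == "-":
        return None
    if "://" not in referer:
        referer = "//" + referer  # scheme-less value: let urlsplit see a netloc
    try:
        host = urlsplit(referer).hostname  # lower-cased, port stripped
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def spam_hits_by_client(lines, defanged=DEFANGED_REFERRERS):
    """Count requests per client IP whose Referer host is a listed domain
    or one of its subdomains (a match in the path alone does not count)."""
    blocklist = {refang(d) for d in defanged}
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        host = referer_host(m.group("referer")) if m else None
        if host and any(host == d or host.endswith("." + d) for d in blocklist):
            hits[m.group("ip")] += 1
    return hits

# Constructed sample lines (documentation IP ranges), not taken from the post.
_SPAM = refang(DEFANGED_REFERRERS[0])
_FMT = '{ip} - - [01/Jan/2000:00:00:00 +0000] "GET / HTTP/1.1" 200 512 "{ref}" "-"'
SAMPLE_LOG = [
    _FMT.format(ip="192.0.2.10", ref=f"http://{_SPAM}/"),
    _FMT.format(ip="192.0.2.10", ref=f"http://WWW.{_SPAM.upper()}:80/index.html"),
    _FMT.format(ip="198.51.100.7", ref=f"http://example.org/?q={_SPAM}"),
    _FMT.format(ip="203.0.113.5", ref=f"http://not{_SPAM}/"),
    _FMT.format(ip="203.0.113.9", ref="-"),
]
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts and search queries that merely mention the domain out of the results.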

Maybe more later.
