Beware of referrer spam in your weblogs.
At the moment, stars-vs-stars. com (hosted on Ecatel, by the way) redirects to http:||olympionik.limewebs. com/xplaymovie.html,
which in turn redirects to various malware/domains at 18.104.22.168 (trouble-free.net – Michael Lavrik), an IP address infamous for hosting malware.
During the last two days, the following domain names have been used:
greatmultimediaservices. com, multimediautilites. com, digitalbluemultimedia. com.
digitalbluemultimedia.com is the active one as I write this.
Detection at virustotal.com is poor: 4-8 vendors recognize the malware.
The malware seems to be changed constantly.
A screenshot from http:||olympionik.limewebs. com/xplaymovie.html :
If you click on that one, a file named “video-plugin.[varies].exe” will be downloaded.
As mentioned, not many AV vendors recognize those at this moment.
Maybe more later.
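
To check your own web server logs for the domains named above, here is an added example (not part of the original post). It assumes Apache/nginx "combined" log format; the function names and sample log lines are constructed for illustration, and the domains stay defanged in the source and are refanged only at run time.

```python
import re
from urllib.parse import urlsplit

# Domains named in the post, kept defanged exactly as written there.
DEFANGED = ["stars-vs-stars. com", "olympionik.limewebs. com",
            "greatmultimediaservices. com", "multimediautilites. com",
            "digitalbluemultimedia. com"]

# Apache/nginx "combined" log format (assumed): the Referer is the
# second-to-last quoted field.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"')

def refang(value):
    """Undo the post's defanging: 'http:||' -> 'http://', '. com' -> '.com'."""
    return value.replace("||", "//").replace(". ", ".").strip().lower()

BLOCKLIST = {refang(d) for d in DEFANGED}

def referer_host(referer):
    """Host part of a Referer value, or '' when absent or unparsable."""
    if referer in ("", "-"):
        return ""
    if "://" not in referer:
        referer = "//" + referer  # scheme-less value: parse as a netloc
    try:
        return (urlsplit(referer).hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_listed(host):
    """True for a listed domain or any subdomain, not for lookalikes."""
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def find_referrer_spam(lines):
    """Return (client_ip, timestamp, referrer_host) for each listed hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        host = referer_host(m.group("ref")) if m else ""
        if host and is_listed(host):
            hits.append((m.group("ip"), m.group("ts"), host))
    return hits

# Constructed sample lines (documentation IPs); referrers are refanged at run time.
_FMT = '{ip} - - [01/Jan/2000:00:00:0{n} +0000] "GET / HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"'
SAMPLE = [_FMT.format(ip="192.0.2.10", n=1, ref=refang("http:||stars-vs-stars. com/")),
          _FMT.format(ip="192.0.2.11", n=2, ref=refang("http:||www.digitalbluemultimedia. com/x")),
          _FMT.format(ip="192.0.2.12", n=3, ref="http://notstars-vs-stars.com.example/"),
          _FMT.format(ip="192.0.2.13", n=4, ref="-")]
```

Pass the lines of your own access log to `find_referrer_spam` in place of `SAMPLE`; since the domain names rotate, the list needs updating as new ones appear.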