Have you received an e-mail message today with a subject like "White house hit by lightning, catches fire", "Saddam Hussein found dead," or "Paris Hilton found to be gay!"? Don't touch it; it's evil!

The body of the e-mails contains another off-the-wall statement like "US Soldier throws boy off cliff, villagers enraged" or "Bad press surrounds US Army as renegade soldiers open fire on civilians" along with a link that typically ends in ….de/r.html.

Clicking the link opens a page claiming to be "PornTube," a YouTube-like site specializing in porn movies. However, the site's entire objective is to install an ActiveX control and run a file named video.exe on your system, thereby installing a Trojan that will download additional malware. Sorry, guys, the YouTube-like videos and thumbnails are just static images; any click launches the malware file. According to MX Lab the Trojan is a variant of Trojan.Downloader.Win32Agent.tyw.

At the moment the malicious attack doesn't seem to be functional. I tried letting it run under the watchful eye of PC Tools's ThreatFire 3.5 and of Norton Internet Security 2008. I clicked links and tried to allow installation of the "necessary" ActiveX control, but only got 404 "Not Found" error messages, some in German.

There's no way to close the browser or use it as a browser at this point, so I had to kill it using Task Manager. And of course this exploit might be fixed so it does successfully download malicious software to your computer. If you get one of these outrageous messages, delete it immediately and do NOT click the link contained therein.

By Neil J. Rubenking

Original Story

This entry was posted by Annette King on Thursday, June 19. 2008 at 14:54. and is filed under Virus & AntiVirus News.