spywarecleaners.info

spywarecleaners.info header image 2
“No Longer Available…” iTunes Scam: “Send Us Your iTunes Card Codes”

Asobi Seksu And The Musical Malware

April 15th, 2009 · No Comments

Price For Acomplia Drug Information Hoodia Testimonials Price For Penisole Comparison Aldactone Free Samples Where To Get Doxycycline Comparison Discount Soma Proper Dosage Penisole Discount Zithromax Tablets Topamax Dosage Nolvadex Mail Where To Get Avapro Australia Price For Avapro Proper Dosage Price For Levitra United States Taking Flomax Antabuse Generic Diflucan Faq Herbal Stromectol Cheapest Pills Order Phentrimine Honolulu Herbal Propecia Health Forum Lasix Nexium Dosage Where Order Cytotec Swaziland Generic Clomid Augusta Hoodia Description Generic Tramadol Annapolis Where Order Prevacid Mexico Where To Get Nolvadex Equivalent Herbal Diflucan Australia Where To Get Tramadol RX Tramadol Description Where To Get Seroquel Forum Where Order Inderal Effects Discount Lipitor Proper Dosage Norvasc Price For Lotrisone Comparison Generic Acomplia Effects Buy Neurontin Price For Accutane Italy Where To Get Hoodia Canadian Discount Antabuse Horny Goat Weed Generic Nizoral Richmond Levitra Comparison Purchase Levitra Elimite Comparison Price For Nizoral Health Forum Generic Elavil Horny Goat Weed Where Order Cymbalta United Kingdom Where Order Flomax Overnight Delivery Order Erythromycin LittleRock Online Seroquel

Asobi Seksu are one of my favourite bands of recent years, and while trying to work out where to buy a little known acoustic album they released not so long ago, I happened to come across a website called

music-megaupload.com

They’re clearly riding on the back of the name of the legit file download site Megaupload. More importantly, they claim to be offering up a full version of one of their albums:

asobi1.jpg

Click to Enlarge

As you’ve probably guessed, that is NOT anything remotely resembling an album - rather, it’s an executable file pretending to be a rather good album.

Oh, the blasphemy.

Anyway, once the file is on the PC, you can’t help but notice…well….take a look for yourself:

asobi2.jpg

While I’d like to think the album was so good someone decided to give it an Oscar, the truth is sadly a little bit different. Run the file, and you’ll see an installer prompt for one of those not-so-wonderful fake media codecs:

asobi3.jpg
Click to Enlarge

Continue with the installation process, and you’ll find your browsers aren’t working. That’s because this is a variant of the DNS Changer trojans that enjoy breaking your internet, usually while downloading fake backgrounds warning of dire infections that only rogue removal tools can fix. Here’s your tampered-with DNS settings:

asobi4.jpg

Lovely.

The executable is served up from

implugins.net

which has been around since March 2009, with an EMail address associated with numerous malicious domains. Coverage is rather poor for this file at present, here’s the Virustotal results:

asobi6.jpg

As you can see, only 5 out of 40 scanners pick it up at the moment.

In conclusion, then, we have

1) A fake weblog trading off the Megaupload domain name
2) Endless fake MP3 and albums served up from a second domain, which are actually DNS changer trojans disguised as media codecs. This is itself an interesting tactic, as usually fake media codecs are served up in exchange for what the user thinks are movies, not music.

If you really want to grab some Asobi Seksu music for free, I’d suggest doing it the legit way - visit their official media page.

You definitely don’t want the Oscar remix edition…

Original post by Christopher Boyd and software by Elliott Back

Tags: Spyware Research · asobiseksu · fakealbum · fakemp3 · malware · trojan