Celebrities take the spotlight in the latest wave of malicious campaigns

Oct 27, 2011 18:41 GMT  ·  By

A video promising adult content that features Emma Watson, Harry Potter's wizard friend from the movie, turns out to be the source of a nasty piece of malware that tries to infect the viewer's system.

Zscaler Threat Lab found the malicious link, which supposedly points to a site that stores an "Emma Watson never seen before home video."

Hosted mainly on Russian domains such as strongrzholder.rr.nu or smartutnetwork.rr.nu, the page looks very much like a legitimate YouTube page, with a picture of the celebrity at its center.

To make the whole thing look more realistic, the mastermind of the operation placed a lot of comments under the clip that seem to come from users who have already taken a peek.

Once the Play button is hit, the site warns you of an out-of-date Flash Player that needs to be updated in order to view the footage.

The Adobe Flash Player download window is also perfectly replicated to make the scheme more trustworthy, but it's only a browser pop-up that leads to the actual payload, which in this case is a Trojan.

The malicious element is held in a file named scandisk.exe, which at the time of the discovery was correctly identified by only 7 out of 42 vendors.

Adult videos that allegedly feature celebrities are a good way for cybercriminals to spread their infections, and that's why you must be cautious when faced with such offers.

The conclusion we can draw from this situation is that media content that requires additional downloads will in most cases turn out to be some sort of Internet threat. If you actually need a certain player or a codec, make sure to procure it only from the vendor or from other trusted websites.

Sophisticated pages with a complex design can easily dupe the average internaut into believing they actually contain what they promise.
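
The advice to take players and codecs only from the vendor can be checked on web-proxy logs by flagging executable downloads served from any other host. This is an added example, not code from the article or from Zscaler; the log format, the host names and the vendor allowlist are constructed assumptions, and only the file name scandisk.exe comes from the article.

```python
from urllib.parse import urlsplit

# Assumption: domain suffixes accepted as the vendor's own download hosts.
TRUSTED_VENDOR_SUFFIXES = ("adobe.com", "macromedia.com")
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".msi")
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}

# Constructed proxy log: timestamp, client, URL, referer, content type.
SAMPLE_LOG = """\
2011-10-27T18:02:11Z 10.0.0.5 http://video-lure.example/watch - text/html
2011-10-27T18:02:40Z 10.0.0.5 http://video-lure.example/update/scandisk.exe http://video-lure.example/watch application/octet-stream
2011-10-27T18:05:02Z 10.0.0.9 http://download.adobe.com/flash/install_flash_player.exe http://www.adobe.com/ application/octet-stream
2011-10-27T18:07:19Z 10.0.0.7 http://adobe.com.cdn-mirror.example/install_flash_player.exe http://clips.example/v application/x-msdownload
"""


def host_is_trusted(host):
    """True only for the vendor domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # Match on a label boundary so "adobe.com.cdn-mirror.example" does not pass.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_VENDOR_SUFFIXES)


def suspicious_downloads(log_text):
    """Return (client, host, filename) for executables served by non-vendor hosts."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        _ts, client, url, _referer, ctype = fields
        parts = urlsplit(url)
        is_executable = (
            parts.path.lower().endswith(EXECUTABLE_EXTENSIONS)
            or ctype.lower() in EXECUTABLE_TYPES
        )
        if is_executable and not host_is_trusted(parts.hostname):
            findings.append((client, parts.hostname, parts.path.rsplit("/", 1)[-1]))
    return findings


if __name__ == "__main__":
    for client, host, name in suspicious_downloads(SAMPLE_LOG):
        print(f"{client} downloaded {name} from non-vendor host {host}")
```
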