14 DAY TRIAL // In case you’re looking for funny videos online, beware of websites that urge you to install a DivX plugin. Experts have found a scam that uses this trick to distribute malware.
According to ThreatTrack Security researchers, when users visit the shady video websites, they’re informed that the DivX plugin is missing.
“DivX plug-in required! You don’t have the plugin required to view the video. Save the video and run it locally,” potential victims are told.
The files they’re offered, apparently funny or raunchy image files, are actually a piece of malware compiled by Russian cybercriminals. The malicious elements are named something like YouLolPIC-facebook.com, MeFunnyTIFF-fb.com, IamFunnyJPEG-fb.com, YouLolPIC-fb.com or MeNiceJPG-facebook.com.
When executed, the malware contacts a remote page and an image is displayed. In the meantime, an information-stealing Trojan steps into action.
The same domain that displays the bogus DivX warning has also been found to advertise a Facebook app that also serves the same types of threats.
The Internet is full of genuine websites that host funny videos and pictures. Try to avoid ones that ask you to install all sorts of shady software, or ones that ask you to complete surveys.
Update. Panda Security's Bart Blaze has also analyzed this campaign and provides some interesting technical details. Check out his blog post.