The application's installation process is full of traps

Jun 15, 2012 10:56 GMT

Experts have come across a Tumblr post that advertises an adult tape featuring Miley Cyrus. The goal of this scheme is to convince unsuspecting users to install a shady-looking video player.

GFI researchers have analyzed this particular scam and have found that the links contained in the initial post redirect the potential victim through a couple of URLs to an alleged fashion website.

The site, which apparently tries to mimic Fashion TV, displays a screenshot of the video, but as soon as the play button is clicked, an alert pops up, notifying the user that the “server is currently overloaded” and advising him/her to install a player called UTPlayer.

At this point, it doesn’t matter if you click OK or Cancel because a file is downloaded to the computer anyway.

Once the file is executed, the victim is presented with the option to install a toolbar called Babylon.

While the toolbar can be avoided, the rest of the installation process is full of traps. For instance, it doesn’t matter if the Accept or Decline button is pressed when the EULA is displayed. In the next phase, websites that advertise cigarettes pop up.

Finally, when UTPlayer is fired up, it doesn’t actually work. Instead, it keeps bugging you to install Adobe Flash, even if it’s already present on the system.

GFI products identify the threat as Win32.Malware!Drop, but on VirusTotal only three other vendors flag UTPlayer as malicious.

Finally, here’s some advice from Christopher Boyd, senior threat researcher at GFI Software:

It doesn’t matter whether your launchpad to rude video failure is Facebook, Tumblr or any other social network – you can bet your bottom dollar that promises of dubious Miley antics will only result in spam, surveys or installs of software you can probably live without.