14 DAY TRIAL // A video which supposedly reveals an accident of famous singer Shakira has been found to be a front for a cybercriminal operation designed to spread a nasty Trojan.
The “video” – served from a .co.uk domain – is not actually a video, but an archive file which contains an executable called Noticiascaracolvideoaccidenteshakirabarcelona.exe.
GFI Labs experts have learned that when it’s executed, the file starts scanning the system to see if any debuggers are present and if none is found, a second malicious element (windsyslogc.exe) is downloaded.
The malware adds itself to the infected computer’s registries to ensure that it can step into play whenever the device is fired up.
Both .exe files have been identified as Trojan.Win32.Generic!BT. The names of celebrities such as Shakira have been often utilized in Facebook scam campaigns, but as it turns out, cybercriminals have no trouble in leveraging them when they want to spread malware.