We continue to receive emails telling us that we’re not smart enough or don’t look good enough. It’s not totally unusual, because that message frequently is communicated by the “beauty” and “diet” industries in magazines, tv ads, etc. How dreary.
A common scam continues to make the rounds, putting the two themes together and telling us that we even look dumb. The email message includes a link to a video file, implying we might look really dumb in this video. The message even looks like crass Onion humor — next, they’ll tell us that only nerds wear glasses. Now, they are telling me “You look really stupid”. Unfortunately, users are falling for this bad line every day, and downloading and running “video1.exe” on their systems:
Also hosted at the compromised server is video.exe.
This work is from a russian gang, with the malware phoning back to a domain associated with other malware families in the russian federation:
Name: sr59.24ruhost.com
Address: 207.10.234.217
The owners of the compromised server have been notified.
These “videos” didn’t show how dumb I really look. Instead, they download adware, rogueware, and other components. McAfee’s researcher Paulo Palumbo beat us to the post this morning with a description of the blue screen that these downloaded rogueware installs frighten users with — we’ll note that this spammed executable link is one of its sources.
In our lab, we tried to reconfigure the Sysinternals’ (acquired by Microsoft) screensaver used in this attack to “enable fake disk activity”, but the necessary sysinternals components are not functional in this bundle. It’s not even fun to tinker with, don’t fall for this video.exe trick.
You’re not ugly or dumb. You’re beautiful, just right.
