You’re going to have to wait for it to come out. And if you don’t, you may be sorry you didn’t wait.
The group pushing blackhat SEO tactics to abuse the most popular networks, including digg.com, blogspot.com and others, continues to prey on those interested in upcoming movie releases.
First, a user most likely will come across popularized phony links within the blogosphere. Here is an example of the group’s digg.com abuse, where they entice Harry Potter fans with text: ‘Watch “Harry Potter and the Half-Blood Prince” online free’, and fill up the digg comment list with related keywords to attract more search engines:
This link redirects to a blogspot post that contains more images from the movie itself, intensifying the anticipation and convincing the user that the movie is only one click away ‘Watch “Harry Potter and the Half-Blood Prince” movie 2009 online for free’. See an example of the blog post here:
Clicking on any one of these links on the blog post redirects the user to the standard phony video offer:
It is here that the user is prompted to download and install the additional “streamviewer” malicious downloader component from exe-center .com at 64.20.38.171, which we have been monitoring. This phony viewer is really a downloader component that has been installing all sorts of malware, changing its selection of malware on a daily basis: Koobface (the digg user most likely is into social networking), adware, scareware, click fraud components, spambots, spyware and more. Missing out on an early peek at Harry Potter is then the least of the user’s worries.
This theme predictably will be used over p2p networks and other vectors of delivery in the coming weeks. Stay tuned.
