Have you seen this yet?
Interesting…isn’t it? That’s the AIM message that I received on my own AIM account a couple of hours ago but, I will not try to visit the url if I were you…
But, just in case you visit the URK (just in case…), you will land to the same default page, index.html.
If your ActiveX Control setting of your web browser is not safely configured, a file named, mpg2-3.0.1.exe will be automatically downloaded to your system. But, even if it is properly configured and you are unaware of what you are getting yourself into because of the tempting url and the deceiving page (pretend to offer real video clip), you might also download and run the abovementioned file.
Upon execution of the file that was just downloaded, it will present a message box with a fake message that there has been a problem but what is really happening in the background is that, the downloaded file that you have just executed downloads another malicious file from the internet. This second malicious file is accessed through the url http://tiny-url.us/f.php and will later be saved and executed to the affected system as mstc.exe.
So guys and gals, you better make sure what you are getting into nowadays, try to be extra careful please and do not forget to update to the latest pattern file of your antivirus program (this can help you not to get into much trouble…).
All urls mentioned are already submitted to the Web Blocking Team.
The sample mpg2-3.0.1.exe and mstc.exe have been given the detection names TROJ_DLOADER.IBZ and WORM_NUGACHE.G, respectively.