Following on from yesterday's EEG Web site hack,a collection of recently registered sites, hosted on blogspot.com,claim to have obtained an explicit video featuring Hong Kong actorEdison Chen and actress Cecilia Cheung.
When a user visits one of these sites, they are prompted to download"a new version of Video ActiveX Object" to play the video. Needless tosay, the file setup.exe is not an update as claimed. Rather, it is amalicious file detected as Trojan.Zlob by Symantec antivirus products.
The malicious sites we have seen to date:
• edison-chen-cecilia-cheung.blogspot.com
• cecilia-cheung-sex-tape.blogspot.com
• cecilia-cheung-scandal.blogspot.com
• cecilia-cheung-nude.blogspot.com
So far the only method that we've seen used to direct users to these sites consists of public blog and forum comments.
The use of fake ActiveX video objects and codecs is certainly not anew phenomena, and has previously been used to target viewers of adultmaterial. However, there are a range of avenues to present maliciouscode in an appealing manner to unsuspecting victims, and it certainlyisn't restricted to just one genre. Ensuring that you and your usersare aware of the threats, and the way they operate, makes it moredifficult for this kind of malicious activity to bear fruit for itscreator.