While users are trooping to watch Iron Man 3, some may scour the Internet to look for bootleg copies or free movie streaming. This gives the bad guys an opportunity to serve users with their dubious schemes.
We conducted a simple Google query and found more than a hundred websites claiming that they provide movie streaming of Iron Man 3. (The movie has already opened in some countries but not the United States, making these claims more credible at first glance.) These supposed streaming sites using popular blog providers, with half of these sites using Tumblr.
Figure 1. Half of the fake Iron Man 3 sites we found use Tumblr
Once visited, these sites ask users to download a video installer file. Based on our analysis, we found that this file was what it said it was – a legitimate video player. This particular video player has been known to display aggressive ads in the past, although we did not see that behavior this time. In addition, the player could be used to download and view pornographic materials.
However, it’s still possible that these legitimate files would be replaced with malware at a later time. Thus, it won’t be a complete surprise if we find a malware-hosting webpage disguised as an Iron Man 3 streaming or downloading page anytime soon.
Unsurprisingly, some bad guys have also used Facebook to spread links advertised as providers of free Iron Man 3 movie streaming. Users may encounter these as feeds on their Facebook page, together with a link to the said site. But once users click the link, they are redirected to several web pages until lead to another survey scam, not to mention spamming their Facebook contact with the same Facebook post. Other similar Facebook ruses we documented in the past include the “Facebook Profile Viewer” and the survey scam under the veil of the much talked-about Google Glass competition.
Figure 2. Screenshot of page leading to survey scam
High profile summer flicks like Iron Man 3 are typical cybercrime baits because they have been effective in tricking users into visiting shady websites, including those the host malware and dabble in survey scams. Because of the clever use of social engineering tactics, users may end up falling into the bad guys’ traps. Thus, it is important to be aware of how social engineering works and be conscious with what you click and share on your Facebook and other social media accounts. Trend Micro blocks the related sites and domains related to this threat.
Leave a reply