I saw this supposed movie clip with comment posted to an article regarding the imminent release of the latest Resident Evil title:
Click to Enlarge
“Amazing gameplay video (must see)”.
Anything touted as some form of gameplay footage is always going to pull in a bunch of instant clicks, especially as the game isn’t on sale yet (this same person has also been busy elsewhere, posting to any number of game trailer related postings on the same reviews website):
Click to Enlarge
However, clicking the “gameplay video” (which is actually just an image file) opened a popup ad served from an ad network and took me to the website of the player where this “amazing gameplay video” could be found – kubitku(dot)com:
Click to Enlarge
Or rather, it would be found there if their player wasn’t “Based on Youtube player 7.21″ which apparently means “Your system doesn’t support this video”. A couple of download notices in the yellow bar at the top and a “Click to get the player” button make it quite clear that the end-user needs to go download something to make this work.
In testing, clicking the button sent us off to ad campaigns unrelated to video players, like this unused ringtone domain:
Click to Enlarge
Take a look at the HTML of the page linked by the player button. See that bit.ly link? Here’s the stats for that one – 7,000+ clicks in the last 7 days, around 30,000+ in total with the bulk of traffic coming from the US. We can feed that shortened URL into a LongURL tool, and reveal a few more links including a full length, fleshed out and ready to roll version.
That one will take the end-user to the below website, coolyoutubeplayer(dot)com:
Click to Enlarge
The installer contains a EULA, and an install screen later there’s some pre-ticked boxes for both Babylon Toolbar and SearchYa (with their own terms and conditions to read through):
Click to Enlarge
Click to Enlarge
Eventually, the player is installed and end-users can search for words – it will retrieve a collection of different videos based around whatever you searched for:
Click to Enlarge
Of course, this whole hike through a bunch of different websites only began in the first place because I saw someone link a “cool gameplay video” for Resident Evil 6 (in the form of an image file made to look like a video player), and only for pulling out an expanded link from a shortened URL I’d still be sitting on the dead ringtone website.
At the end of it all, I still have no video to show for it and the lolcat in the tank doesn’t really make up for that fact. While my heartstrings still burn with the pain of unfulfilled promises made by now deleted spamposts, console yourselves with a VirusTotal infodump and the knowledge that we detect this as Click run software (v).
Christopher Boyd
Leave a reply
