I’m not entirely sure which accident the below “Shakira video” refers to (probably not the fake aeroplane death or being chomped by a sea lion), but here’s some advice – don’t bother downloading this file from wherever or whenever you are, lest the beautiful liars behind this scam get underneath your clothes (or possibly skin) and have a good waka, waka at your expense.
Now that we’ve finished with the poorly executed song title jokes, we’ll take a look at the so-called Shakira accident video being served up from a .co.uk URL. The below exe comes wrapped in a zip, so potential victims will have to open it up to see the below:
Click to Enlarge
Despite the reasonably decent attempt at imitating some sort of movie file with the aid of the fancy graphic, it most definitely isn’t one and when executed will begin poking around for debuggers while attempting to grab another file from what appears to have been a compromised website. The URL has now been cleaned up, but thanks to the power of a little thing I like to call “the Internet” we can snag that file anyway:
This file uses the below as Regrun names, which means it’ll spring into life whenever the infected machine boots:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WindowsUpdate %Full path of self%
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WindowsFirewalls %USERPROFILE%\WinServiss.exe
We detect – deep breath – Noticiascaracolvideoaccidenteshakirabarcelona.exe and also windsyslogc.exe as Trojan.Win32.Generic!BT.
End-users should always treat salaciously titled videos involving celebrities with caution – fake accidents and deaths are traditionally a great bait for unsuspecting victims. It’s been a while since we saw Shakira appear on these pages – hopefully it’ll be a while before we see her again, as I’m all out of song titles.
Christopher Boyd (Thanks to Jovi and Reggie for additional information)
Leave a reply
