Click to Enlarge

Install the "codec", and this won't end well. The EXE comes from a site called Favoritetube(dot)com:



A quick check for the safety ratings of that website should be enough to tell you this is a scam. Indeed, there isn't even a movie being streamed here (despite it saying "Connecting" at the bottom of the movie player) - because if you right click on the player itself:

You can see the "player" is actually just a static image (because I'm given the option to "Copy Image Location"). The image is hosted at Favoritetube, just like the "codecs":


There are quite a lot of these sites floating around out there at present:

At this point, it's a given that I'm going to show you what happens if you install one of the files typically pushed from the above sites, right? Well, wait no longer - this....

...will deposit a rogue antispyware tool on your desktop (one of more more obnoxious ones that refuses to leave you alone):


Strange and annoying icons will start to creep across your desktop:

....and you'll have more fake system alerts than you can shake a very large stick at:



This concludes my public safety announcement. I'm off to see Dark Knight again...

I was about as surprised as The Dean was!

To quote a further post from The Dean:

"Well, that's weird. Isn't spywareguide Paperghost's blog? I know he wouldn't spam here. And, the link on the first comment goes to a 404 page."

So, we have someone spamming with broken English, dropping links to 404 pages on Spywareguide. Curious.

Now, I did have some suspicions on this - for starters, the recent blogs regarding the pirate movie websites that pop Zango installers just hit a few news websites. As this article mentions, a lot of the sites involved in this are from Asian regions - China, Indonesia etc. I couldn't help but notice the name of the poster was "Tam" - a common name in certain parts of Asia.

Coincidence? Or a possible affiliate not too happy about this being highlighted? Well, a quick email later and the results for the spammer are in:



A potentially forged Reverse DNS aside, it's a strange thing indeed that they just happen to resolve to Vietnam given that a good portion of these sites are in Asia, isn't it?

I think I'll see if any are owned by someone called "Tam".

When I return from my holiday, of course....

Bestcinemaonline(dot)com. As you can see, the site is similar to the last one (except that site is registered anonymously to an individual in China, whereas this one is registered to someone in Indonesia). Also, the format is different - the last site was more of a "movie repository", whereas this one takes the shape and style of a blog with each individual entry pointing to a film. And what films they are!

Hellboy! (Is that even out yet?)

As you might have expected, a lot of the movies end up looking like this when attempting to watch them:

.....whoops.

I must also give a special mention to one of the most confusing popup warnings I've ever seen - it really threw me, and I admit I nearly installed Zango accidentally after seeing it. If (when prompted with the Zango installer box) you click "Cancel", this appears in the middle of your screen:

"Click OK to Cancel or Click "Cancel" to continue the installation".

.....Whaaaaaa? That's a bit of a brain bender, right there. I hope this set of writeups doesn't become a Trilogy...

Click to Enlarge

Click to Enlarge