Zlob brings back fake MP3s!
Last August, I blogged about the Zlob gang using fake MP3 download sites to push their malware (link here). Afterwards, we started to see more and more fake video codecs and fewer free MP3s. Well, now they are back! Some of the domains pushing fake MP3s are:
Here are some screenshots showing fake MP3 listings and download screens:
As of now, detection of the malware being pushed by these sites is very poor. Here’s a VirusTotal scan result for one of the downloaded files. This file had a double extension to fool an unsuspecting PC user.
CAT-QuickHeal - (Suspicious) - DNAScan
eSafe - Suspicious File
F-Secure - Tibs.gen200
Norman - Tibs.gen200
Sunbelt - VIPRE.Suspicious
Please do NOT visit any of the sites mentioned above!!!!