Blue Coat Labs


World Cup Malware: Don't Own-goal Your Computer


Chris Larsen

This week, the World Cup soccer/football tournament began. Unsurprisingly, the Bad Guys are set up to take advantage of fans who are trying to find on-line video of the matches...

A couple of days ago, a new site called Brasil2014.pw came on line, fed by links from sports-forum sites. It looks rather unsophisticated to me, but maybe Brazilian soccer fans are more gullible than security researchers:

[Screenshot: malicious World Cup site]

There are links to at least two different "video players" -- the prominent one shown leads to a new Flash Player (from sharesuper.info), and a smaller link in the corner leads to a SopCast.zip file (from download.easetuner.com).

The sharesuper.info page looks like this:

[Screenshot: malicious Flash player site]

It leads to a download that has pretty good recognition on VirusTotal: 16 engines flagged it. This is a higher-than-normal recognition rate for PUS (Potentially Unwanted Software -- i.e., adware and low-grade spyware), and many of the AV engines class it as malicious, not just PUS, so this is definitely something to stay away from.

The other link I followed, to easetuner.com, was less exciting. There is no main site -- the domain easetuner.com doesn't resolve (with or without a "www."). The download.easetuner.com subdomain in the link does exist, but is just a placeholder page:

[Screenshot: another malicious video player site]

The SopCast.zip download is rather large (5.1 MB), and was recognized as PUS/adware by 6 of the engines at VirusTotal (which is about normal for this junk).

So, sports fans, if you're going to watch the World Cup on your computer, please stick to reputable sites -- you don't want to "own goal" your machine with malware.

--C.L.

@bc_malware_guy
