Tuesday, 14 January 2014
"Uncensored download" spam leads to adware
Underground XXX files
Free porno torrents
The body text contains just a link to [donotclick]goinst.com/download/getfile/1205000/0/?q=Uncensored%20download
In turn this downloads a file, "Uncensored download__3516_i263089565_il6090765.exe", and of course that's about as trustworthy as a van with "FREE CANDY" scrawled on the side. In blood.
A quick look at the EXE in VirusTotal indicates that it's some sort of adware, probably pay-per-install. An examination of the binary shows a digital signature for Shetef Solutions & Consulting (1998) Ltd, who are probably not behind the spam run but are probably inadvertently paying the spammers for installations.
A Malwr analysis of the file can be found here.