Last August, I blogged about the Zlob gang using fake MP3 download sites to push their malware (link here). Afterwards, we started to see more and more fake video codecs and fewer free MP3s. Well, now they are back! Some of the fake MP3 pushing domains are:
Mp3tube.info
Mp3sland.com
mp3files4free.com
gt-mp3portal.com
Here are some screenshots showing fake MP3 listings and download screens:
As of now, detections for the malware being pushed by these sites are very poor. Here’s a VirusTotal scan result for one of the downloaded files. This file had a double extension to fool an unsuspecting PC user.
File Sound.mp3.exe:
CAT-QuickHeal - (Suspicious) - DNAScan
eSafe - Suspicious File
F-Secure - Tibs.gen200
Norman - Tibs.gen200
Sunbelt - VIPRE.Suspicious
Please do NOT visit any of the sites mentioned above!!!!
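
A defender-side check for the double-extension trick described above, as an added example that is not part of the original post: it flags download names where an executable extension directly follows a media or document extension. The extension sets and every sample name other than Sound.mp3.exe are constructed for illustration.

```python
import ntpath

# Assumed extension sets for this example; extend them to match local policy.
DECOY_EXTS = {"mp3", "wav", "wma", "avi", "mpg", "jpg", "pdf", "doc", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}


def split_extensions(filename):
    """Return (stem, [ext, ...]) lower-cased, roughly as Windows sees the name."""
    name = ntpath.basename(filename)      # accepts both \ and / separators
    name = name.rstrip(". ")              # Windows drops trailing dots and spaces
    # Strip padding around each part so "mp3      .exe" still reads as mp3 + exe.
    parts = [p.strip().lower() for p in name.split(".")]
    return parts[0], parts[1:]


def is_double_extension(filename):
    """True when an executable extension directly follows a decoy extension."""
    _, exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    return exts[-1] in EXEC_EXTS and exts[-2] in DECOY_EXTS


def flag_downloads(names):
    """Return the subset of names that use the double-extension disguise."""
    return [n for n in names if is_double_extension(n)]


# Constructed sample of downloaded file names (only the first is from the post).
SAMPLE_NAMES = [
    "Sound.mp3.exe",                      # the file named in the post
    r"C:\Users\demo\Downloads\Sound.mp3      .exe",  # padded to hide the real extension
    "HOLIDAY.JPG.SCR.",                   # upper case, trailing dot
    "track.01.mp3",                       # real media file with a dot in the name
    "installer.v2.exe",                   # honest executable, no decoy extension
    "setup.exe",
]

if __name__ == "__main__":
    for name in flag_downloads(SAMPLE_NAMES):
        print("suspicious double extension:", name)
```

The same function can be run over file names pulled from proxy logs, mail attachments or a Downloads folder listing.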