I believe that setting up a hosting account for my blog is better than using “canned” CMS set-ups like on wordpress.org. You have almost total freedom to install whatever you need, whenever you need to.
While having that level of control is nice, you really have to be on your toes and investigate anything suspicious if you’re going that route.
I was checking my server logs and found a site that had externally linked to my blog. Out of curiosity, I followed the link and it pointed me to a page with random content.
That random page, in turn, pointed to a YouTube-like streaming porn site. However, inspecting the links showed that they pointed to a file called “MultyCodecUpgr.7.20254.exe”.
Using a sandboxed browser, I downloaded the file and scanned it with AVG but the results were negative. I tried scanning the file with a spybot scanner, but it didn’t work correctly in a sandboxed environment – Windows asked me if I wanted to run the file. Duh… :-P I emptied out the sandbox.
Googling that filename turned up plenty of links showing it to be malware in the guise of a codec installer.
I did a reverse DNS look-up and the site appears to be hosted on bluehost.com so I fired off an email to their abuse department.
It’d be interesting to see if they take any action or do nothing since I’ve heard negative stories about bluehost.com; mainly negative comments in blogs and such.
I’ll re-visit that page in a week’s time and see if it’s still online.
Tags: bluehost.com, fake codec, malware, MultyCodecUpgr, spyware, virus