Believe it or not, there is not a munificent, all-giving internet presence bestowing upon you and your tired, bloodshot eyes all the “Fresh Free Hardcore Movies” that you can download. If you are on your parents’ or a library computer, you shouldn’t be trying to download this stuff anyways. Avoid the site.
“Setup.exe” is being offered at hxxp://softupdate09.com, along with a misleading guarantee that the software was “100% checked by antivirus”. To be sure, the file may have been checked by antivirus, but the results certainly aren’t posted on that site. Do NOT run the file.
As can be seen on the ThreatExpert report, the file installs a “CMVideo.dll” Bho. Aside from downloading other malware, the Bho component will redirect any google search result link to a set of affiliate servers. So, clicking on a google results link will pop open a new browser to “toseeka.com”:
This somewhat more sophisticated adware technique is becoming commonplace nowadays. Popups have been clearly defined as “badware”. Sleuthing down additional behavior like this adware’s can be involved, tiresome and not quite as intrusive.
Also interesting are some of the links that the setup file drops on the user’s desktop. Currently, the “Cheap Software” link directs the user to hxxp://www.download-provider.com/?aff-id=1280. The site seems to offer a $4.95 a month service, and claims to serve up “over 1,400,000 files for you, consisting of over 1,200,000 GB of data. If you’re looking for it online, you’ll be sure to find it with us.”
Over at a complaints forum, there are a few other descriptions of the site, along with a comment that a user has filed a complaint with the Internet Crime Complaint Center (IC3) regarding the site this past Wednesday.