The gang serving up malicious downloaders from a couple of servers just spiced things up, changing streamviewer and softwarefortubeview to “onlinemovies.40008.exe”, which joins the list of obnoxious files served from 18.104.22.168. AV detection is very low. It seems that the ISPs may be acting on public information: the sites were up for only a short time today, but ThreatFire protected the community from this prevalent malware all morning.
Related names currently resolving to that address include
The group seems to be branching out from the phony movie player theme, more often packaging the downloader into serial generators and crack installers like serial.dragon.naturally.speaking.9.45042.exe and crack.sony.vegas.platinum.edition.9.0.45057.exe. Pirates and P2P users need to be careful about what they download and run.