What happens when you cross a stolen hacker database with open distribution? Why this of course (graphic version to the left);
The malicious link in this case is the one leading to;
video-share.servegame.org/Best.html (IP: 18.104.22.168 [ hop.mywebhop.org ])
... as this leads directly to codec infections at;
danicamarkovic.ca/php/codecs/codec_pack_3.2.1.exe (IP: 22.214.171.124)
track-turbo.com/download/TestCodec.v.3.127.cab (IP: 126.96.36.199 [ vp164018.hk.uac65.hknet.com ])
The latter of these two, track-turbo.com, returns a 404. Detection for codec_pack_3.2.1.exe is absolutely rubbish as usual.
Basing it on the strings, attempts to run it in VMWare, Sandboxie, Anubis, ThreatExpert et al, would fail (not that it'll stop me trying);
Needless to say, this is being targetted specifically to r00t-y0u members (not that surprising - the various forums are often trying to hack each other and/or out-do each other in varying ways). However, this domain is likely going to be used in other less targetted campaigns, so block it ASAP.