Public profiles are a great way to tell people about yourself; just look at the hundreds of sites that offer such a feature. These features, however, can be just as bad for the visitor. Take the following, for example;
This profile contains a lovely little link that takes you to;
As you can see, this loads an iframe that then loads;
This then loads the following little script;
Which, as you can see, takes you to;
... which is where the fun begins. alldebt.biz uses a 302 redirect;
Which, as you can see, takes us to theprivatetube.com, which loads;
This then loads a 187K executable;
Which Avira kindly flagged for me ...
VT results for wmcodec_update.exe;
Extraction of the executable failed whilst named .exe, so I tried renaming it to .zip (Universal Extractor identified it as a 7-zip file), and voilà - I could extract it. The following is its contents;
Sadly, detection for sx2_77000560.exe is rather pitiful, with only 2/36 actually detecting it;
The ýŠ€ and $R0 are all 0 byte files ... Sadly, Universal Extractor, whilst again identifying sx2_77000560.exe as a 7-zip file, could not actually extract it.
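As an added example (not part of the original post, and not how Universal Extractor is known to work), this is one way to recognise a 7-zip self-extractor by content rather than by its .exe name: find where the PE sections end and look for the 7z signature in the data appended after them. The sample bytes are constructed, and `build_sample` and `classify` are hypothetical helper names.

```python
import struct

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # signature at the start of every 7z archive

def pe_overlay_offset(data):
    """Offset just past the last PE section's raw data, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    nsect = struct.unpack_from("<H", data, pe + 6)[0]   # NumberOfSections
    optsz = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    table = pe + 24 + optsz
    end = table + 40 * nsect                            # each section header is 40 bytes
    if end > len(data):
        return None                                     # truncated section table
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit 16 bytes into the header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def classify(data):
    """Return (kind, archive_offset) from file content, ignoring the file name."""
    if data.startswith(SEVENZ_MAGIC):
        return ("7z", 0)
    overlay = pe_overlay_offset(data)
    if overlay is None:
        return ("unknown", None)
    pos = data.find(SEVENZ_MAGIC, overlay)              # search appended data only
    return ("pe+7z-overlay", pos) if pos != -1 else ("pe", None)

def build_sample(overlay=b""):
    """Constructed minimal PE: headers, one 16-byte .text section, then overlay."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    sect = struct.pack("<8sIIII16x", b".text", 0x10, 0x1000, 0x10, 0x200)
    headers = (dos + coff + bytes(224) + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x10 + overlay

if __name__ == "__main__":
    for name, blob in [("plain PE", build_sample()),
                       ("PE + 7z", build_sample(b"pad!" + SEVENZ_MAGIC + bytes(26))),
                       ("raw 7z", SEVENZ_MAGIC + bytes(26))]:
        print(name, classify(blob))
```

The offset returned for the overlay case is where an extractor would start reading the archive; a file that reports `pe+7z-overlay` but still fails to unpack has an archive that is damaged, truncated or deliberately altered.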
Looking through the wmcodec_update.exe executable shows some interesting content too. For example, it contains the following URL references;
Both URLs return the same content;
bestsearch3.com and bestsearch4.com both failed to return anything useful.