Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Naked Emma Watson Video Used To Spread Malware

October 26, 2011 - 1 min read
Fake videos with funny or sexual content, have long been used to entice users to download and install malware. The technique is used by hackers to convince users that they need to install additional codecs, or software, in order to play the video.

I've found several websites redirecting to "Emma Watson never seen before home video" hosted on various rr.nu domains: strongrzholder.rr.nu, smartutnetwork.rr.nu, etc. The page looks very similar to a YouTube page, with related videos on the left, and fake comments below the player.
Emma Watson never seen before home video

A click on the Play button, or any link on the page, shows a warning that the Flash player is out of date and a new version needs to be installed in order to play the video.
Warning about outdated Flash version
The warning is very well designed. It feels like a desktop software with an animated download function, despite being part of the web page. The user is enticed into downloading and installing a file called scandsk.exe.
Malicious executable
Once again, the malicious executable has a very low detection rate amongst AV vendors: only 7 out of 42 detect the threat.
Virustotal report

Be aware of any update done outside of official vendor websites.

-- Julien
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.