Security Insights

Naked Emma Watson Video Used To Spread Malware

Naked Emma Watson Video Used To Spread Malware
Fake videos with funny or sexual content, have long been used to entice users to download and install malware. The technique is used by hackers to convince users that they need to install additional codecs, or software, in order to play the video.

I've found several websites redirecting to "Emma Watson never seen before home video" hosted on various domains:,, etc. The page looks very similar to a YouTube page, with related videos on the left, and fake comments below the player.
Emma Watson never seen before home video

A click on the Play button, or any link on the page, shows a warning that the Flash player is out of date and a new version needs to be installed in order to play the video.
Warning about outdated Flash version
The warning is very well designed. It feels like a desktop software with an animated download function, despite being part of the web page. The user is enticed into downloading and installing a file called scandsk.exe.
Malicious executable
Once again, the malicious executable has a very low detection rate amongst AV vendors: only 7 out of 42 detect the threat.
Virustotal report

Be aware of any update done outside of official vendor websites.

-- Julien

Get the latest Zscaler blog updates in your inbox

Subscription confirmed. More of the latest from Zscaler, coming your way soon!

By submitting the form, you are agreeing to our privacy policy.