Yesterday we saw a message that promised to show you a video about the disaster after the earthquake and the tsunami. It included a link, that was an executable file:


This is just a downloader, that downloads and installs more malware in your computer. It also downloads a HOSTS file and overwrites in your computer to redirect the browser in case you visit any of the following web sites:

Taking a look at the URLs where the HOSTS file is located, we have found another directory in the same server that contains some highly suspicious folders:

This is what we see if we visit some of these folders:

These are phishing sites to steal your credentials. Don’t worry about this one, as since yesterday we are blocking the URLs and the malware was proactively detected with TruPrevent.

If you really want to help our Japanese friends, please click here and donate now.