The activity of this type of spamtrap seems to have increased since we first detected it last week.
Like every spam message with malicious intentions, it tries to attract the user’s attention with eye-catching subjects so that they visit the link in the message.
Below we can see some of the subjects used:
Eiffel Tower suffers structural damage, collapse possible?
London rocked by gas attack, army on high alert?
Britney found hanged in locker room?
Celtics disqualified from NBA title?
China Earthquake claims 1 million lives?
Dan Brown's latest novel?
Nokia unveils revolutionary new phone design?
Obama withdraws from elections?
The links vary in their domain, though all those we have seen so far point to a file /r.html, which is a fake Porntube website.
Once there, an error message is displayed telling the user that they need to install a Video ActiveX component, which installs the file ideo.exe, detected as Trj/Exchanger.G.
Although the malware is hosted on the same domains that the spam links point to, it connects to an IP address located in Beijing [ CHINA ], from which the creator probably views the statistics of the infected computers.