You need a codec to watch this

Angelina Jolie continues to lead in the “top malware subjects” competition. Today’s version of the spammed out “Angelina Jolie naked clip” malware would not be worth blogging about if it wasn’t for the quality of website that it points to.

The website mimics the popular media player and looks like it is ready to show you the video you so desperately want to watch. The pop-up that prompts you to install the missing “video codec” is also quite convincing:


Of course the “player” is just a static picture and the “codec” file video.exe is malware detected as Troj/Inject-CR.

The malicious page is hosted on a compromised domain  that belongs to a textile manufacturer. This domain has been hosting different kinds of malware since Aug 22nd. Most recently, it was also seen in “Canadian Pharmacy” spam as a redirector to spam pills store.