You must be wondering what these three have in common. They all appeared together in a special spam message today, in the latest incarnation of malware masquerading itself as a flash player plug-in.
This message appears very dodgy from the start:
Wow, don't ask me how I get this video, but it's realy cool http://mytinyurl.net/<hidden>
Once the link has been clicked on we get redirected to another page which claims to play a cool video of the Large Hadron Collider.
Of course, since this video is so “cool” and “new”, we don’t seem to have the correct Flash plugin for the movie, so we are asked to update it.
Far from watching the world’s largest particle accelerator in action, we get another boring old malware.
This so-called Flash update is malicious. We detect this malware as Troj/TDSS-BP.
Apparently 917130 people have already been infected .. oops already watched this great video. ;-)