W.O.P.R Playback of fake Movie and/or download of Flash player/codec


An example of how the users are tempted to download malware

To take the playback and see what the users see, you can activate this link: Hey, you need a Flash update

A description of the process

There are various methods to attract the user. It can be referrer spam or blog spam, but the end result is the same: tempting the user to click on a link. In this playback, the link originally started at: h t t p : //mynudenetwork.com/flash2/?aff=5041

What happens if you click the link, or are taken there by accident

When, or rather if, you click on the link, you will get the following HTML. Notice this part:

var url = "h t t p://mynudenetwork.com/load.php?aff=5041&saff=0&sid=3";

This is the ultimate destination (more or less) for the malware download. But let's take a deeper look at the link.

Notice that the link points to h t t p://mynudenetwork.com/load.php?aff=5041&saff=0&sid=3 which looks like a PHP page. But actually the user is being redirected to h t t p://mynudenetwork.com/./soft/temp/3_c7502c5_0/XXXmediaCodec.exe

And that's where the malware resides.
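A defender-side check for the pattern described above, as an added example that is not part of the original page: it pulls the script-set URL out of a landing page, follows the recorded redirects, and reports when a link that looks like a PHP page ends in an executable. The host lure.example, the sample responses and all function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
EXE_EXTS = {".exe", ".scr", ".msi"}
JS_URL = re.compile(r'var\s+url\s*=\s*"([^"]+)"')

# Constructed sample data: lure.example is a placeholder host, and the
# responses are hand-written to mirror the chain described above.
LANDING_HTML = '<script>var url = "http://lure.example/load.php?aff=1&saff=0&sid=3";</script>'
RESPONSES = {
    "http://lure.example/load.php?aff=1&saff=0&sid=3":
        {"status": 302, "location": "./soft/temp/3_0/MediaCodec.exe"},
    "http://lure.example/soft/temp/3_0/MediaCodec.exe":
        {"status": 200, "body": b"MZ\x90\x00"},
}

def ext(url):
    """Lower-cased extension of the URL path, ignoring the query string."""
    return posixpath.splitext(urlsplit(url).path)[1].lower()

def follow(url, responses, max_hops=5):
    """Walk recorded responses; return (final_url, final_response, chain)."""
    chain = [url]
    for _ in range(max_hops):
        resp = responses.get(url)
        if resp is None or resp["status"] not in REDIRECTS:
            return url, resp, chain
        url = urljoin(url, resp["location"])  # resolves relative and "./" targets
        chain.append(url)
    return url, None, chain  # too many redirects: treat as unresolved

def inspect_landing(html, responses):
    """Return one finding per script-set URL that ends in an executable."""
    findings = []
    for start in JS_URL.findall(html):
        final_url, resp, chain = follow(start, responses)
        if resp is None:
            continue
        reasons = []
        if ext(final_url) in EXE_EXTS:
            reasons.append("executable extension")
        if resp.get("body", b"")[:2] == b"MZ":
            reasons.append("PE header (MZ)")
        if reasons and ext(start) not in EXE_EXTS:
            findings.append({"start": start, "final": final_url,
                             "hops": len(chain) - 1, "reasons": reasons})
    return findings
```

Checking the first bytes of the body as well as the extension catches the case where the final file is renamed to something innocuous.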

The playback

This playback is based on actual HTML and JavaScript, but the endpoint is of course not malware. I have chosen to redirect to http://turnofftheinternet.com since this has been a favorite of mine for a long time.

Take the Playback tour.

Note: Doesn't illustrate the real thing. Need an .exe file - see later.

The playback - .exe file

This playback is based on actual HTML and JavaScript, but the endpoint is of course not malware. Instead it is a little program written in Delphi, just doing a ShowMessage. It will show this little popup to illustrate execution of the program:

[Picture of the ShowMessage popup]

The source code is:
program endpoint;
uses Dialogs; // unit that provides ShowMessage
begin ShowMessage('Hey, you has just been infected');
end.

Take the Playback exe-file tour.