Over the last few days we have been getting a number of new emails with links to a specific fake video codec (which is actually a Trojan) “get_flash_update.exe“. The attack appears to have infected a number of real and legitimate web-sites to act as malware distribution points. The interesting part is the URL that is being used to invoke the download of the video codec is always different and the subject lines often contains obscene ridiculous content. Currently they are using livestreaming.html and in the past they have used default.html, stream.html, watchit.html and so on.
When doing a Google search for the URL endings you will currently find that 462 sites have livestreaming.html attached to them.