Security Alert: Handbrake Download Mirror was Compromised


From Handbrake.fr:

SECURITY WARNING

“Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it.

Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.”

If you have Handbrake installed on your Macs, you should check if it is compromised by this Trojan.

Also:

“Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores.”

YIKES!

Malware, Malware and more Malware.

For the past week I have been removing a lot of Malware from a lot of computers running Windows XP, Windows Vista, Windows 7 and Windows 8. Some are harder to remove than others. In general I’d like to avoid the Scorched-Earth scenario whenever possible, as it is the last resort.

Malware Script

There are a lot of ways to remove Malware; there is no single solution.

Whenever removing Malware from Windows computers I tend to boot to Safe mode with a Command prompt and remove any Malware reference from the “Run” key in the registry and Start from Programs Menu.

Some tools/programs that I use:

I then use Microsoft’s Malicious Software Removal Tool and Safety Scanner for the second run of Malware removal.

There are a lot of other tools/programs that I use to remove the Malware whenever necessary.

 

Scam Alert: movieplayerupdate.com and videoplayerdownload.co

A Mozilla Firefox user reported popup ads from movieplayerupdate.com (movieplayerupdate.com/mtrack/free_download/1/pre/).
Another Mozilla Firefox user also reported the popup ads from movieplayerupdate.com (movieplayerupdate.com/flashplayer/download_free/).

Both links now show 404 not found, but not before we managed to grab a screenshot. It says:

http:// movieplayerupdate.com

WARNING! Your Flash Player may be out of date. Please update to continue

The site also tells the user:

Please Install Flash Player Pro to Continue

Remember folks, there is no such thing as “Flash Player Pro”.

The links on both “REMIND ME LATER” and “INSTALL” point to: mtrack10.com/base2.php

By clicking either button, an executable file will be downloaded.


A user sent us a note that similar popups from videoplayerdownload.co were found (videoplayerdownload.co/free-download/mt/1/pre/).


The “Install Now” link also points to mtrack10.com/base2.php

It seems that both movieplayerupdate.com and videoplayerdownload.co were registered by the same individual through GoDaddy on the same day (Feb 20, 2013).

The domain mtrack10.com was also registered through GoDaddy one week earlier (Feb 14, 2013).

By clicking the “Install Now” button, an executable file will be downloaded.

——-

It is pretty obvious that the individuals behind the domain names mentioned above are unscrupulous. Do not blindly download a program just because a popup told you to.

To update Flash Player, download it directly from Adobe.

http://www.adobe.com/products/flashplayer/distribution3.html