OFFICIAL SECURITY BLOG

Fake Private Videos Offer Surveys, EXEs and .XPI Installs

July 31, 2014

We’re seeing a number of fake video pages called “Private Video” doing the rounds, which use a couple of different tactics to get what they want from potential victims of their shenanigans.

One page claims Flash Player has crashed and will need to be updated. In the example below, the link apparently took users to an .XPI (Firefox extension) download called “PremiumD.XPI”, which was offline at the time of writing.

There are references to the same filename on other similar fake video sites but the ones we looked at were all also offline, so we can’t currently give you more information on that side of things.

.XPI time?

The other site is more straightforward, claiming age verification is required to unlock an 18+ movie.

fb-videos(dot)herokuapp(dot)com/yt/cpa(dot)php

Unlock?

The URL contains a clue as to what comes next – “CPA”, cost-per-action.

Clicking the button directs users to a survey gateway page, and – in this case – took us to some sort of French movie player sign-up.

Oh.

We followed the time-honoured tradition of “messing with the URL a little bit” – that is, removing bits and pieces (such as the “/CPA”, then the “/YT/”) and seeing what else we could find.

We saw another YouTube page with a link to a Google Drive page which has removed whatever file was being served up:

File removed

Elsewhere, we found a live download of something claiming to be Adobe Flash Player V21:

Flash download?

We’re still looking at the sample, but based on what we’ve seen so far we would advise anybody going near these sites to be very careful and not run / install anything offered up, whether browser plugins or EXEs.

Racy and salacious movie clips which have been placed behind a fake barrier are one of the oldest tricks in the book – readers are advised to ensure the URL they’re on actually is Facebook / YouTube, refuse any and all offers of “upgrading flash” to view a video and never be enticed by “adult content” which requires installs.
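The URL check advised above can be automated for link triage. The sketch below is an added example, not code from the original post: it refangs a "(dot)" URL like the one quoted earlier, confirms whether the host really belongs to Facebook or YouTube, and flags the "cpa" path clue and .XPI/.EXE installs. The domain list, token list, finding names and the sample URLs other than the one quoted in the post are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the sites the article tells readers to confirm they are really on.
GENUINE = ("facebook.com", "youtube.com")
# Assumption: brand-like tokens worth flagging when they appear on another host.
BRAND_TOKENS = {"fb", "facebook", "yt", "youtube"}
RISKY_EXT = (".xpi", ".exe")  # install types named in the article


def refang(url):
    """Undo '(dot)' / '[.]' defanging and make sure a scheme is present."""
    url = re.sub(r"\(dot\)|\[\.\]", ".", url.strip(), flags=re.I)
    return url if "://" in url else "http://" + url


def triage(url):
    """Return reasons a 'video' link deserves suspicion (empty list = none)."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path.lower()
    findings = []
    # Match the exact domain or a true subdomain; 'notfacebook.com' must not pass.
    genuine = any(host == d or host.endswith("." + d) for d in GENUINE)
    if not genuine:
        findings.append("host-not-facebook-or-youtube")
        if BRAND_TOKENS & set(re.split(r"[.\-_/]", host + path)):
            findings.append("brand-token-on-foreign-host")
    if "cpa" in re.split(r"[/.\-_]", path):
        findings.append("cpa-in-path")
    if path.endswith(RISKY_EXT):
        findings.append("offers-install")
    return findings


SAMPLES = [
    "fb-videos(dot)herokuapp(dot)com/yt/cpa(dot)php",  # quoted in the post
    "https://www.youtube.com/watch?v=abc",             # constructed
    "http://youtube.com.example.test/PremiumD.XPI",    # constructed host
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage(sample) or "no findings")
```

An empty result only means none of these heuristics fired; it does not vouch for the page.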

Do the right thing, and let those videos be as private as they want to be…

Christopher Boyd