XP Themed Downloads and Offers Doing the Rounds

We’re seeing numerous YouTube videos advertising programs and functionality related to Windows XP, which is interesting given it just rode off into the sunset.

A relevant angle to start off with: security programs, because a little extra security on an XP box certainly won’t hurt these days:

XP security

The above links lead to PUP executables (Potentially Unwanted Programs), which in this case Malwarebytes Anti-Malware detects as PUP.Optional.Amonetize.A. The VirusTotal score is 16 / 51, and you can see a Malwr analysis here.

xp keygen

We saw more downloads elsewhere, such as the following “Media Center” keygen which we detect as RiskWare.Tool.CK.

media keygen
Keygen

Keygens are something you should really avoid, as more often than not you never know quite what you’ll end up with. As for XP themed “setup files”, those links took us to the usual selection of surveys and ringtone offers:

surveys

We even saw XP themed adverts from installs entirely unrelated to anything to do with the above. Adam was testing a PUP called YourFileDownloader and saw a Windows XP Driver Download advert:

XP ad

The advert leads to a download for a driver updater program:

drivers

You have to pay to register and unlock the program for use.

Registration

I’ll hazard a guess and say if you’re still running XP by this point, you probably don’t need any help keeping that box up to date with drivers and everything else. If you’re wondering, the VirusTotal score for the original executable is 5 / 51 and we detect it as PUP.Optional.YourFileDownloader.

Take care with the last-minute surge of XP themed downloads and offers – whether on social networks, forums or video sharing sites, a lot of what you’re going to see over the coming weeks will probably not do you any favours to install or sign up to. XP may be dead and gone in terms of updates, but that doesn’t mean pitfalls and boobytraps have followed suit.

Christopher Boyd (Thanks Adam)
