The malicious website attempts to install what is known as the Q4Rollup package, which is an encrypted collection of about a dozen exploits including keyloggers, spyware and rootkits. But according to security firm Exploit Prevention Labs, users whose PC’s security patches are up to date as of April, are safe. Alternatively, visitors are encouraged to download and launch software to view the made-up video, which, as you may guess, will trigger the attack manually.
Spammers have customized their tactics to deliver the worm in different ways. It was first reported in January, delivered via an executable e-mail attachment disguised as an e-greeting card. In recent months, however, spammers have changed their approach by attempting to trick users into clicking on links directing them to malware-infected sites.