
Thursday 19 June 2014

Let Me Update That For You



This all starts off where a lot of suspicious activity is held, within porn. I was researching some suspicious URLs via URLquery when I came across a link with the pattern `/sTDS/go.php?sid=IDNUMBER`

This traffic distribution system was very easy to get to grips with, and had a fair number of sites being redirected. Most sites were porn, which led to downloading something.
In this particular site we can see that there is a call for this strange URL circled. This is where we begin our journey in updating our systems due to the friendly reminders from our good ol' porn sites.
First we go to an image, which I can only think of as being a tracker of some sort, most likely for statistics. The most interesting part of this page is the `top.location.href`; from the URL it seems like we will be downloading something fairly soon.
Oh good. Seems like our browser software is out of date? :(( Thanks MR dodgy site for telling me to update my systems, looks like I was close to infection! An alert too, which makes this all the more legitimate for me to take action on this.

I will point out I had closed a window which was just basically hovering over this, same idea. Plz download my exe noaw. Everything on this page will most likely redirect you to their exe, setup.exe.

It's okay, they last checked on 19/6/2014, they know what they're doing!

I didn't know I was getting a premium installer!
The main attraction, AppUpdater, common PUP. I will decline, thanks.
After installing the wonderful software they have been paid to show, you have these wonderful instructions from them, giving you a step by step on what to do after the installation. Thank god for that, I didn't exactly know how to start search for a program. What also got me here was their wonderful use of doubleclick.net advertising, which is owned by Google.

10/10 PUP.
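
As an added example (not from the original post), the chain described above, a hit on `/sTDS/go.php?sid=IDNUMBER` followed shortly by an `.exe` download from the same client, can be hunted for in web proxy logs. The log format, hostnames, two-minute window, numeric `sid` and case-insensitive path match are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines (timestamp, client IP, URL); hosts are placeholders.
SAMPLE_LOG = """\
2014-06-19T10:00:01 10.0.0.5 http://tds.example/sTDS/go.php?sid=7
2014-06-19T10:00:03 10.0.0.5 http://landing.example/update/index.html
2014-06-19T10:00:20 10.0.0.5 http://landing.example/download/setup.exe
2014-06-19T10:05:00 10.0.0.9 http://vendor.example/files/setup.exe
2014-06-19T11:00:00 10.0.0.7 http://tds.example/sTDS/go.php?sid=12
2014-06-19T11:30:00 10.0.0.7 http://other.example/tool.exe
2014-06-19T12:00:00 10.0.0.8 http://tds.example/stds/go.php?id=3
"""

TDS_PATH = re.compile(r"/sTDS/go\.php$", re.IGNORECASE)  # assumed: case-insensitive
WINDOW = timedelta(minutes=2)  # assumed correlation window


def is_tds_hit(url):
    """True if the URL matches the /sTDS/go.php?sid=<number> pattern."""
    parts = urlsplit(url)
    sid = parse_qs(parts.query).get("sid", [""])[0]
    return bool(TDS_PATH.search(parts.path)) and sid.isdigit()


def find_chains(log_text, window=WINDOW):
    """Return (client, tds_url, exe_url) where an .exe fetch follows a TDS hit.

    Assumes the log lines are in chronological order.
    """
    last_tds = {}  # client -> (time, url) of the most recent TDS hit
    chains = []
    for line in log_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue  # skip malformed lines
        stamp, client, url = fields
        when = datetime.fromisoformat(stamp)
        if is_tds_hit(url):
            last_tds[client] = (when, url)
        elif urlsplit(url).path.lower().endswith(".exe") and client in last_tds:
            seen, tds_url = last_tds[client]
            if when - seen <= window:
                chains.append((client, tds_url, url))
                del last_tds[client]
    return chains


if __name__ == "__main__":
    for client, tds_url, exe_url in find_chains(SAMPLE_LOG):
        print(f"{client}: {tds_url} -> {exe_url}")
```

Only the first client is reported: the other `.exe` fetches either have no preceding TDS hit or fall outside the window.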

