The Blog at

My Ramblings

New Threat – setup_build8_259

Posted on | December 25, 2009 | Comments Off

If I could wring the neck of internet criminals that try to steal money and resources from people, I would do it in a second. Nothing is more discouraging than to loose something that some low life stole from you. Since I can’t really do that, at least I can try to spread the word of scams that I run across to at least minimize the loss of others.

In the spirit of spreading the word, I wanted to share my latest scam. I wanted to find out if the Walmart near me was open today since it was Christmas. Here is my process

I went to and type in “Walmart Holiday Hours”. Without thinking much I clicked on the first result in the organic results (not the sponsered results). That domain showed up as, which is a entertainment news blog. The site is legitamate, but I think they may be hacked, because I was sent to this exact URL: (DO NOT GO HERE!). That does a web redirect to, which as you may suspect is anything but secure. The domain registration is listed as such.

Registrant Contact:
Garritt Kooken
+86.592257788 fax:
Rue de Virton 237
Evegnee Evegnee 11111

I can’t even determine where that is, but it we’re definitely not in Kansas anymore. The e-mail address in the The Netherlands. Feel free to flame this e-mail address.

Now the magic happens. You are asked to download a file and run it.christmas_scamshot

Click on the thumbnail to see what it looked like on my computer. The file you are asked to download is called setup_build8_259.exe. I would highly recommend that you not download this file. If you did already, then you are infected.

Hopefully this post will help someone else out and keep the criminals fishing for nothing.

Share and Enjoy:
  • Print this article!
  • E-mail this story to a friend!
  • Facebook
  • Digg
  • Sphinn
  • Mixx
  • Google Bookmarks
  • StumbleUpon
  • Twitter
  • Technorati
  • Yahoo! Buzz


Comments are closed.