Caution is being required by users due to spyware that advertises itself as an unlimited movie viewing service and prompts users to submit a payment when going through the user identity authentication process.

According to the recent AhnLab ASEC Report, Win-Adware/Shortcut.SDabada installed by Win-Downloader/KorAdware, which has been consistently discovered within Korea, advertises itself as a free ‘unlimited movie viewing’ service prompting user payment.

When this spyware is installed on a PC, an ‘Unlimited Movies’ shortcut appears on the desktop, in the quick launch bar, program, favorites, and other menus . Once the icon is clicked, a list of x-rated titles that stir curiosity is listed and prompts another click.

  
Once the list is clicked, a forged download screen is displayed . This file is simply an animated image file that makes the user believe a file is being downloaded.

Following this step, a message indicating that a free service coupon has been issued appears . According to the message, a coupon that can be used for 2-months has been issued, and can be used after the user identity has been authenticated.

When the [Confirm] button is clicked, a window for user authentication appears. However, this page is not to authenticate, but rather to process small payments

The HTML source of the page clearly indicates that the page processes a small payment of KRW 33,000.

Also, using the scroll bar to view the bottom of the page, the following message can be found.

“This site charges an online information providing fee (KRW 3,000/month for 10 months + 2-months free service, VAT separate). Due to the nature of the online information site business, refunds are not provided after registration and usage of the site.”

In conclusion, a spyware program installed without user consent prompts the user to access a website that uses ‘free’ as a message to lure a payment of KRW 33,000. Also, by inserting a no refund policy phrase in an indiscrete location provides source of friction when the user claims a refund from the company.

An AhnLab associate explains, “In the past, the profit model consisted receiving incentives based on the number of installations or advertisement impressions from the spyware producer, but the method of luring payments directly from user pockets have been recently increasing.”

To prevent being victimized by such programs, always check the following.

1. Regularly perform Windows Update.
Windows Update is the start of all security as the patches solve various vulnerabilities found in the Windows system. Updates are available one the second Tuesday of each month based on U.S. time making it best to update the system every second Wednesday of each month.

2. There is no such thing is free without a price, and always question personal information requests.
Personal information always has a high chance of being used maliciously, and much effort and time is required to undo any damages caused by such identity theft. It is always wise to not respond to requests from websites that are not reliable.

3. Use a security product provided by a reliable vendor and always have automatic updates active.
As security threat channels have diversified, it is advisable to use a reliable integrated security product provided by a trustable vendor to efficiently deal with possible threats. Also, there are many reasons as to why automatic updates are disabled, but it is not recommended due to the nature of the security product.