A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results:
If you do not want the joke to be on you, do not visit this site (portadosfundos) until it has been cleaned.
This forces the browser to load a fake and malicious “FlashPlayer” executable that looks like a legitimate updater:
According to our findings, the infection is aimed at Windows users running Internet Explorer. Also, the language of the fake yellow “Missing Plugin” alert bar at the top of the page is Brazilian, even for non-Brazilian IPs, which tells us that this is a targeted attack.
While a few anti-virus vendors already detect the file, not all of them do (especially the most popular AV engines):
We’re performing further investigation and will update this blog post with new information if available.