We came across this website offering cracks, keygens and serial numbers for various applications. As a rule, we advise users to avoid these sites as they clearly will want something in return for the “free information” (not to mention software copyright issues). The website http:/ /xpokey.com (provided by Worldstream, Netherlands) supposedly offers a wide collection of cracks, keygens and serials for several applications. The site offers downloads as shown below.
Clicking the download link results in the download of a malicious file – not what the user expected to get. The downloaded files include an icon similar to Windows Media Player.
We detect these files as W32/FakeAlert.JE2.gen!Eldorado. These malicious files were hosted in various domain names but have a constant IP address.
Directly accessing the various domains where the malware is stored leads to a “Not Found” page:
So – when directly linking to a file you get a successful download – but otherwise the site is inaccessible. Clearly the site doesn’t give internet user’s an “Okey eXPerience” but a Malware encounter.