This morning I saw some interesting transactions to:
hxxp://promoupdate.info/setup###.exe
where ### are numbers, for example, "519".
MD5: 1568edcd29629f577207d7396646b741
VirusTotal results 8/43 (report), detected as (among other names):
Win32:Hottrend-B
Turns out this is being spread through spammers, SEOers, etc. being financed in a PPI model, something that I have discussed before in the past. This time I have a screenshot to share related directly to the finance aspect of this particular PPI:

This post was created today. We can see from the PPI ad that those engaging in this particular campaign stand to make between $500 and $800 per 1000 installs (


(note the RU nameservers)




