Sunbelt has detected various fake websites that purport to host an Xbox Live application but are actually intent on making you download and run a password-stealing Trojan that has a predilection for browsers and applications such as Firefox, Steam, DynDNS and other IM clients.
The sudden proliferation of these sites is due to a DIY kit that allows the scammer to set up an extremely simplistic website that looks like this (notice the abuse of the Softpedia assurance on the bottom that is there to try and establish a level of trust towards the site):
The only thing standing between the Trojan and your computer is this screen:
On the bright side, it says plainly that the application’s digital signature cannot be verified, and that should be warning enough that something is wrong and you shouldn’t run it.
But not everybody is acquainted with scammers’ tricks and approaches. Microsoft is listed as the publisher, and for some people that might just be enough to trust it and allow the application to run.
If the user does run it, it will download a benign-looking file which will put the “Crypted.exe” file in his Temp folder – and that’s it: the Trojan is on the computer.
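A publisher name shown next to a signature that cannot be verified is only a claim, and the dropped file lands in the user's Temp folder, so both can be checked on a Windows host. The following PowerShell is an added example, not part of the original article: it lists executables under Temp whose Authenticode signature does not verify and marks those that still name Microsoft as their company. Using Authenticode as the verification step is an assumption; the article does not say which mechanism produced the warning screen.

```powershell
# Added example: triage executables in the current user's Temp folder.
# Anything whose signature does not verify is reported; files that still
# claim Microsoft in their version information are sorted to the top.
$tempDir = $env:TEMP

$findings = Get-ChildItem -Path $tempDir -Filter '*.exe' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        if ($sig.Status -ne 'Valid') {
            # CompanyName is free text inside the file; anyone can set it.
            $claimed = $_.VersionInfo.CompanyName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path            = $_.FullName
                Created         = $_.CreationTime
                SignatureStatus = $sig.Status
                Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                ClaimedCompany  = $claimed
                ClaimsMicrosoft = [bool]($claimed -match 'Microsoft')
                SHA256          = if ($hash) { $hash.Hash } else { '(unreadable)' }
            }
        }
    }

# Unverified files that claim Microsoft first, newest first within each group.
$findings |
    Sort-Object -Property ClaimsMicrosoft, Created -Descending |
    Format-List
```

Legitimate installers also unpack unsigned helpers into Temp, so a hit is a lead for review rather than a verdict; a file named “Crypted.exe” in the results matches the behaviour described above.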