Webroot researchers recently found that a page on the Web site for Turkey's Ministry of National Education has been compromised and is distributing malware disguised as a DivX plug-in (h/t Softpedia).
Visitors to the compromised Web page are presented with a fake Facebook page that states, "DivX plug-in Required! You don't have the plugin required to view the video. Save the video and run it locally. If your download doesn't start, click here please."
"Once socially engineered users execute the malware variant, their PCs automatically join the botnet operated by the cybercriminals behind the campaign," Webroot researcher Dancho Danchev wrote in a blog post describing the threat.
At the time of Danchev's posting, only 3 of 48 anti-virus scanners were detecting the malware, though that's now up to 22 of 48, according to VirusTotal.