Those looking to see the latest 3D blockbuster movie, The Avatar, on the cheap will have to take great care in what they search for. We have become aware of at least one site that has been rigged to redirect users to a page that presents the now-familiar “play video/need codec” screen. In an unusual twist, this time it is offering a new ActiveX update rather than the usual codec or Flash player updates.

Clicking on the play button or icon will send a request to, which will then eventually offer you a file named along the lines of Activex_Setup[1].45158.exe from the domain. This is now detected as Trojan.FakeAV.

In addition to this malware page there are literally hundreds of other scam sites and pages trying to cash in on the hype around this new film. All of these sites are offering full free downloads or streaming videos of this new film. These sites are scams—some are collecting email addresses, while others are trying to get you fill in surveys, IQ tests, and so on that will eventually ask you to enter in your mobile phone number, which will sign you up for some unwanted and subscription-based, premium-rate services.

Of course, since the film has only been released to cinemas worldwide a few days ago, what are the chances of legitimate copies of the film being made available online for free? The moral of this story: don’t be a cheapskate, cough up a few dollars, and go see it in the cinema with the full 3D effects and large screen, as it was intended to be seen.