Softonic.com is one of the most popular download portals in Spanish, just in the month of August more than 100 million people visited it in search of programs, so it is not surprising that some attackers take advantage of its brand to infect.
This is what they are doing with a Fake domain that pretends to be Softonic, it was registered a few days ago, it is still operational but it is already on several blacklists of phishing and malware (try not to enter, if you do, your computer could become infected):
Domain registered last week
The site does not have any armed design, you simply see the structure of the folders on your server with the names of various well-known programs such as Chrome, Skype, Google Earth, among others. Each folder contains an .exe file that actually is a trojan (VT 16/44), in addition the domain also has a subdomain structure for each program, similar to what Softonic does on its site:
Folders, subdomains and Trojan in the fake domain
If direct links to Trojans are spread by spam (email, comments on forums and blogs, social networks, etc.) it will be easy to deceive users, because many would think they are downloading the program from Softonic which is considered a safe download. An example could be the following URL (do not enter or download the file, it is a Trojan!):
Malicious url: hxxp: //firefox.en-softonic. net / firefox_6.0.1.exe
Download from fake site
As we see, it is a simple but ingenious attack that takes advantage of the great popularity of the portal. You have to be very careful when downloading programs, you always have to verify their origin and analyze them with an updated antivirus.