Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Zcodec After Vcodec


  • Please log in to reply
4 replies to this topic

#1 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:02:56 PM

Posted 02 September 2006 - 12:08 PM

Hi all,

just found this via one of my rss feeds:

Rootkit Changes Search Results

September 1st, 2006
by Tim Wilson, Site Editor

Zcodec, a new malicious program that incorporates a rootkit, can alter Internet search results, install adware, and fool users into installing Trojans, the security company reported on Wednesday.

Source: Dark Reading


"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


BC AdBot (Login to Remove)

 


#2 Yourhighness

Yourhighness

    The BSG Malware Fighter

  • Topic Starter

  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:02:56 PM

Posted 05 September 2006 - 03:33 AM

Hi,

here just a quick update:

http://groups.google.com/group/alt.privacy...23639dd2004b730

It is produced by the SAME 'codec' guys who are creating the ZLob Trojan installers that are
disguised as Video Codecs.


The files that come from them are named such as...
dvdcodec1000.exe
ZCodec1000.exe


The ZLob installers will have names like...
sv-codec-v4_01a.exe
mediacodec-4.207.exe
intcodec-v6.535.exe
intcodec-v6.107.exe

...


"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#3 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:08:56 AM

Posted 05 September 2006 - 10:23 AM

More here via my RSS feed.

zCodec promises video, delivers nasties
Users looking for the latest and greatest video software may not just be in danger from media lawyers. Security firm Panda Software last week warned that zCodec, which claims to offer "up to 40 percent better (video) quality," is in fact an adware program that can install Trojans, rootkits and other malicious software.


Panda Advisory - ZCodec
Brief Description

ZCodec is an adware program that passes itself off as a video codec.

It accesses an IP address on the Internet in order to download and run a certain file at random. This file can be of any nature. For example, ZCodec could download the Trojan Ruins.MB, which uses rootkit techniques in order to hide itself. Or, it could install an online casino.

ZCodec also changes the DNS configuration and monitors if the user accesses any of several adult websites.

ZCodec can be voluntarily downloaded from a certain website.


Posted Image

#4 Yourhighness

Yourhighness

    The BSG Malware Fighter

  • Topic Starter

  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:02:56 PM

Posted 15 September 2006 - 10:10 AM

Hi,

now there s also some other codec: StrCodec

A list of sites that install bad stuff through advertising codes, can be found here and here

rgds,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image


#5 Yourhighness

Yourhighness

    The BSG Malware Fighter

  • Topic Starter

  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:02:56 PM

Posted 24 September 2006 - 12:42 AM

We now also have: winmedia codec. Who is details: http://whois.domaintools.com/winmediacodec.com

Edited by Yourhighness, 24 September 2006 - 12:43 AM.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users