[unisog] Significant Rogue DNS Activity To 126.96.36.199/22 (thanks to the "FreeVideo Player" Trojan)
jladwig at mango.lioness.net
Sat Nov 18 00:17:42 GMT 2006
On Fri, Nov 17, 2006 at 03:32:22PM -0600, Brian Eckman wrote:
> Warning: long, somewhat detailed analysis below.
As you stated, bogus codecs are (and have been) a growth area for
malware installation. The Sunbelt software blog regularly warns about
specific sites, including some very professional looking websites and
SANS-ISC had a "Follow the bouncing malware" piece over a year ago on
a codec-installer trojan with EULA. With the rapid mutation of
modular droppers/installers, it's pretty hard to rely on antivirus
signatures to defend against this sort of threat.
Thursday, November 16, 2006
SuperCodec -- latest fake codec
As always, do not download these fake codecs, as they are a hotbed of
[ ... ]
Tuesday, November 14, 2006
Codec No. 107 Posted by Kamil @ 14:31 GMT
While browsing the Internet for movies ... *cough* pr0n ... people often
end up downloading some DRM protected material, bundled with a license
that uses social engineering tactics to push the victim into
downloading a "codec". These supposed codecs are downloading and
installing malware known as Zlob.
[ ... ]
Friday, November 10, 2006
More fake codecs/security scam hijack sites
[ ... ]
04 September 2006
zCodec promises video, delivers nasties
By Matthew Broersma, Techworld
Users looking for the latest and greatest video software may not just
be in danger from media lawyers. Security firm Panda Software last
week warned that zCodec, which claims to offer "up to 40 percent
better (video) quality," is in fact an adware program that can install
Trojans, rootkits and other malicious software.
zCodec is freely available online and, as of Monday afternoon, was
easy enough to find, offering downloads from its own website -
zcodec.com. The site uses images from the films Sin City and Pulp
Fiction, and claims zCodec will boost audio as well as video quality.
[ ... ]
Last Updated: 2005-07-14 03:33:23 UTC by Tom Liston (Version: 1)
The Big Con
The file that Joe downloaded was "vc3_05b.exe," a 16,373 byte long
executable. On the VCodec site, there is also a file called
"vc1_05a.exe" (9341 bytes) which is what you get if you follow the
main "download" link on the VCodec site. Also, like an extra surprise,
in several ways, to download the file "vc105a.htm" which is simply a
copy of vc1_05a.exe. Both files are packed with the executable
compressor FSG, and while they are superficially different, running
either of them has the same result: version 3.5 just has a
dog-and-pony show to go along with it.
Perhaps by now, you've gotten the idea that we're not dealing with a
plain old video codec here. After all, this *is* another installment
of "Follow the Bouncing Malware." Well, no, it isn't just a codec.
In fact, it isn't a codec at all.
[ ... ]
Plenty other reports out there.