Thursday, December 13, 2007

Another Fake Codec Site from ESTDOMAINS.

Do NOT download any installers from this website. Note that this program is a DNS Changer.

It pretends to be a browser add-on for viewing porn, but it is actually a Trojan horse program.

VirusTotal results: 14/32 (43.75%)

My sample is CodecPretty1001.exe

AntiVir ------> HEUR/Malware
AVG ------> Downloader.Zlob.KF
BitDefender ------> Trojan.Zlob.BYQ
CAT-QuickHeal ------> Win32.Trojan.DNSChanger.abj
eSafe ------> Win32.DNSChanger.abj
Fortinet ------> W32/Zlobar.ADZ!tr
F-Secure ------> Trojan.Win32.DNSChanger.acv
Kaspersky ------> Trojan.Win32.DNSChanger.adz
Microsoft ------> Trojan:Win32/Alureon.gen!E
Prevx1 ------> Generic.Dropper.xCodec
Sophos ------> Troj/Zlobar-Fam
Symantec ------> Trojan.Zlob
TheHacker ------> Trojan/Downloader.Zlob.eie
Webwasher-Gateway ------> Heuristic.Malware

Domain Name:
Status: ok
Referral URL:

Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2007-12-11

Name Servers:

IP Address:
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2007-12-13 03:17:45 MST
