Saturday, December 1, 2007

CodecTime.com



Another Fake Codec Site from ESTDOMAINS.
Do NOT download any installers from this website.
Note that this program is a DNSChanger. It pretends to be a browser add-on for viewing porn which is actually a Trojan Horse program.It has the capability to install a Rootkit on to your computer to re-route your Internet searches through the bad servers to make money for them.

Screenshot:

CodecTime.com

And this is why we call it as DNS changer:

Additional information:

Domain Name: codectime.com
Status: ok
Registrar: ESTDOMAINS, INC.
Expiration Date: 2008-09-21
Creation Date: 2007-09-21
Last Update Date: 2007-11-29

Name Servers:
ns1.codectime.com
ns2.codectime.com
--------------------------------------------------------------------------------
Extended Info IP Address: 64.28.184.184
Website Status: active
Server Type: Apache/2.0.59 (FreeBSD) PHP/5.2.1 with Suhosin-Patch
Cache Date: 2007-12-01 03:04:48 MST


VirusTotal results:


My sample is: CodecTime1090.exe

AntiVir ---> HEUR/Malware
AVG ---> Downloader.Zlob.KF
BitDefender ---> Trojan.Zlob.BYQ
CAT-QuickHeal ---> Win32.Trojan.DNSChanger.abj
eSafe ---> Win32.Zlob
Ewido ---> Downloader.Zlob.eie
Fortinet ---> W32/Zlobar.ADZ!tr
F-Secure ---> Trojan.Win32.DNSChanger.adz
Kaspersky ---> Trojan.Win32.DNSChanger.adz
Microsoft ---> Trojan:Win32/Dnschanger.AI
Prevx1 ---> Generic.Dropper.xCodec
Sophos ---> Troj/Zlobar-Fam
Symantec ---> Trojan.Zlob
TheHacker ---> Trojan/Downloader.Zlob.eie
Webwasher-Gateway ---> Heuristic.Malware

Google



2 comments:

Micha said...

Hi Flash,

this time you are faster than me ;)

I added your feed to my Zlob Watch blog.

Anonymous said...

Nice