Jahewi's
Anti-Malware Information
The fake codec
MMediaCodec
jahewi,
october 11, 2006
(this
page can change, if there are new developments or changes in the
analyses)
The
site
Somehow, i have the feeling i've seen it before ...
The
WhoIs-record:
Registration
Service Provided By: ESTDOMAINS INC
Domain Name: MMCODEC.COM
Registrant: MediaHolding Inc. / Jean-Marc Rennes
Creation Date: 9-oct-2006
Expiration Date: 9-oct-2007
Domain servers in listed order:
ns2.mmcodec.com
ns1.mmcodec.com
The
EULA
The
interesting part, allthough there is nothing new, here ...
Installation
completed
Imho
they didn't have to go to all that length of making this screen.
It's pretty clear when the installation has been completed, because
.......
...
VirusBurst wiggles it's ugly tail.
The
icon of the downloaded file
They actually made a new one!
...
and offcourse, there are the new Desktop- icons, you really DON'T want
to click !!
...
and your stuck with a taskbar going crazy with fake 'security'-messages
...
So
... it's basically a fake codec, like we've seen a bit to much, lately?
Well .... No, because there is a catch!
They actually thought about it, when they choose it's name ...
MMCodec, MMediaCodec, MultiMedia-Codec ...
Get it?
...
and offcourse a brand new home-page for Internet Explorer!
