Jahewi's Anti-Malware Information
Malware-infections of PlayerCodec
jahewi, September 18, 2006
(this page can change if there are new developments or changes in the analyses)
If you decide to trust the image and the message in it, and have clicked "Click here", the fake codec will download its installation file and present you with an EULA.
Generally, the problems start like this.
You find a movie clip which you want to see ... however, upon opening the clip, it is not shown. Instead, you get a message that WMP can't find the right codec and that you have to download and install it before you can watch the movie
(needless to say, the whole message, including the WMP image, is as fake as the codec itself).
At this point, most fake codecs are already installing their load of trojans ....
This infection was brought to you by PlayerCodec.
WhoIs:
Registration Service Provided By: ESTDOMAINS INC
Domain Name: PLAYERCODEC.NET
Registrant: PlayerCodec INC / Hilary Reed
Creation Date: 15-Aug-2006
Expiration Date: 15-Aug-2007
Domain servers in listed order:
ns2.playercodec.net
ns1.playercodec.net
The final result will be an installation of SpywareSheriff, along with a number of trojans.