Lavasoft News - September 2007

Defeating the Ever-Present Zlob

And the war against Zlob Trojans rages on. This online enemy goes by many names (Zlob, fake codecs, Zlob codecs, Smitfraud Trojans) but whatever alias is used, the devious tactics and growing prevalence on the web are undeniable. At Lavasoft, we have a vendetta against the Zlob, and a mission to help you keep this untamed online threat off your system.

Zlob Trojans, similar to the closely related Vundo Trojans, are malware that usually masquerade as a codec needed to play a video, and then install adware or malware on an unsuspecting user’s system.

“This is absolutely the worst infestation right now on the Internet - certainly the most widely known and seen in the security forums,” says Janie "Calamity Jane" Whitty, a Lavasoft malware removal and prevention expert and Support Forums administrator.

To avoid getting infected with this underhanded malware, all it takes is a little caution and awareness of the problem.

The Tactic
How do you get infected in the first place? The usual scenario is that you attempt to download a video, only to receive a message that a special codec is needed to view it. After this prompt, you install the required “codec.” You may even have to accept an End User License Agreement (EULA), either spelling out exactly what will be downloaded onto your machine, or showing a fake EULA to make you believe the download’s legitimacy.

Once you install the program, you begin seeing loads of unwanted adware. A “nag” screen takes over your desktop in the form of a security warning or as a pop-up telling you your system is infected. The message demands that you run a scan or buy a specific “anti-spyware program” in order to fix your PC.

The Trickery
Where did you go wrong? The required codec was actually a fake, a Zlob Trojan capable of downloading more of its kind onto your system, along with a variety of adware and rogue anti-spyware. Messages you receive post-infection - another sneaky component - often mimic valid programs (like Windows Security Center) and many of the rogue anti-spyware programs imitate popular anti-spyware software (like Lavasoft’s Ad-Aware) to feign legitimacy.

The popularity of downloading and watching videos online, combined with users' failure to check exactly what they are downloading onto their PCs, is the perfect environment to keep Zlobs alive and thriving. These fake codecs are a frequently used ploy, delivered through websites, e-greeting cards, and instant messages, all of which rely on the trust of unsuspecting computer users. On top of that, Zlob developers churn out new Zlob Trojans daily in an attempt to avoid detection by anti-spyware and anti-virus software.

“Despite our efforts, Zlob is still winning and it remains the number one public enemy, of this malware researcher anyway. Just take a look in the forums, our forums - ANY security forums and people are still coming in droves and hordes needing help to remove this malware. It is constantly changing and jumping domains to avoid detection,” Whitty says.

Winning Strategies
How can you avoid falling for fake codecs? The first step is reading EULAs and privacy statements carefully before installing anything on your computer. If the EULA is hard to find or difficult to understand, reconsider installing the software. By not fully reading the EULA, you may agree to questionable activities by the software vendor and even to installing spyware and adware on your computer.

“Users need to be warned about these fake codecs. My own experience with these codecs is that if people would just read the EULAs of the software they download they would see that they are getting additional (and possibly unwanted) adware and spyware in that fake codec,” according to Whitty.

Lavasoft researchers are key fighters in the war on Zlobs, constantly finding new variants and adding them to detection. Currently, the Zlob family of Trojans is among the largest families of malware in Lavasoft’s Detection Database. Ad-Aware 2007, especially the real-time protection of Ad-Aware 2007 Plus or Pro, is an important weapon in the malware fight. Other armor you should equip your system with is updated anti-virus software, a firewall, and the latest security patches from Microsoft.

Below are a few more Zlob prevention tips from the security experts at Lavasoft.

  • Use up-to-date real-time protection. As stated above, real-time protection is key in keeping malware off your system. Try Ad-Aware 2007 Plus or Pro - both include the Ad-Watch real-time monitor which proactively detects malware and parasites before they install on your PC.
  • Be leery of adult content videos. Zlob Trojans often masquerade as codecs needed to view pornographic videos. If you see a link for “free porn,” chances are it’s a quick way to get your PC infected.
  • Watch out for fake anti-spyware software. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
  • Verify files before downloading. Never download software or a file without knowing exactly what it is. If you are unsure about a certain download, verify it by using an online virus scanner site or check with an expert at an online security forum, like Lavasoft’s Support Forums.
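The last tip, verifying a download before trusting it, can be partly automated. The script below is an added example written for this article, not Lavasoft code or a feature of Ad-Aware: it looks at the first bytes of a downloaded file, flags a file that carries a video extension but is really a Windows executable (the "MZ" header), treats any executable offered as a "codec" as something to check with the publisher and an online scanner, and prints the SHA-256 hash you would submit to such a scanner. The sample files, their names and the extension list are constructed for the example.

```python
import hashlib
import os

# Constructed sample downloads standing in for files a "codec needed to play
# this video" prompt might hand a user. Contents are synthetic; only the
# leading bytes matter for the check below.
SAMPLES = {
    "holiday_video.avi": b"RIFF\x00\x10\x00\x00AVI LIST" + b"\x00" * 32,
    "VideoCodecSetup.exe": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 32,
    "funny_clip.avi": b"MZ\x90\x00" + b"\x00" * 36,  # named as video, is a PE file
}

# Extensions a user would reasonably expect for a video file (assumption).
MEDIA_EXTENSIONS = {".avi", ".mp4", ".wmv", ".mpg", ".mov"}


def is_pe_executable(data: bytes) -> bool:
    """True if the data starts with the 'MZ' header every Windows executable carries."""
    return data[:2] == b"MZ"


def inspect_download(filename: str, data: bytes) -> dict:
    """Classify one downloaded file by name and content and compute its SHA-256."""
    ext = os.path.splitext(filename)[1].lower()
    pe = is_pe_executable(data)
    digest = hashlib.sha256(data).hexdigest()
    if ext in MEDIA_EXTENSIONS and pe:
        verdict = "suspicious: named as a video but is a Windows executable"
    elif pe:
        verdict = "executable: verify the publisher and scan the hash before running"
    else:
        verdict = "not an executable"
    return {
        "file": filename,
        "extension": ext,
        "is_executable": pe,
        "sha256": digest,
        "verdict": verdict,
    }


def inspect_all(samples=None) -> list:
    """Run the check over every sample and return the list of results."""
    samples = SAMPLES if samples is None else samples
    return [inspect_download(name, data) for name, data in samples.items()]


if __name__ == "__main__":
    for result in inspect_all():
        print(f"{result['file']:22} {result['verdict']}")
        print(f"    sha256={result['sha256']}")
```

The hash is the value to paste into an online scanner site or a support-forum post; the magic-byte check catches the crude case where a "video" is an installer, but a genuine executable installer still needs its publisher verified, which no local heuristic can do for you.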


Lavasoft Privacy Toolbox
The risks associated with using the Internet, such as spam, viruses, spyware and phishing, remain high, according to Consumer Reports. In the first half of 2007, spyware infections prompted 850,000 U.S. households to replace their computers, according to a recent survey. One out of every 11 surveyed had a major, often costly problem due to spyware. The economic fallout per incident averaged $100 (U.S.), with damage totaling $1.7 billion.

Source: Consumer Reports, State of the Net 2007

Term of the Month
A pump and dump scam is a spam technique that uses misleading messages to create hype around targeted stock – usually “penny stocks” that sell for less than $1 U.S. per share. Spammers acquire the stock before sending their spam, and then “dump” their shares after share prices have inflated. The result: investors are fooled into losing money, while the spammers make off with a profit. Read more about recent spam trends in our “Spam Surge” article.

Tech Tips
Every time you surf the Net, your browser keeps track of all of your online steps. With Ad-Aware 2007, we’ve given you an easy solution to remove all traces of your Internet browsing from your system, keeping spyware from documenting surf patterns and targeting you with adware and spyware. TrackSweep, one of the new privacy features in Ad-Aware 2007, gives you the option to clean your cache, cookies, history, last typed URLs, and browser tabs from Internet Explorer, Firefox, and Opera, in one clean sweep! To use TrackSweep, from the “Tools & Plug-Ins” tab in Ad-Aware 2007’s user interface, select “TrackSweep” and then choose the items you want cleaned. TrackSweep is a feature in Ad-Aware 2007 Free, Plus and Pro.

Helpful Homepage
The Anti-Phishing Working Group is an organization committed to wiping out online scams by focusing on eliminating fraud and identity theft that results from phishing, pharming, and e-mail spoofing. Visit its website to report phishing attempts, pharming sites, and crimeware, or browse the informative resources section to brush up on the latest threats.

Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg