Beware: Fake Codecs

by Erin on August 17th, 2007 in Security Alerts, Security Tips.

Zlob. Fake codecs. Zlob codecs. Smitfraud Trojan. This online enemy goes by many names, but no matter what it's called, the devious tactics and growth on the web are undeniable.

Zlob Trojans, similar to the closely related Vundo Trojan, are malware that usually masquerade as a codec needed to play a video, and then install adware or malware on an unsuspecting users system. (Below is an example of a request message prompting you to download a fake codec. Click for a larger image).

The popularity of downloading videos online, combined with users not finding out exactly what they are downloading onto their PCs is the perfect environment to keep Zlobs alive and thriving. Along with that, Zlob developers spew out new Zlob Trojan variants daily in an attempt to avoid detection by anti-spyware and anti-virus software.

All too often, Lavasofts Support Forums administrator Janie "Calamity Jane" Whitty, sees the effects of Zlob Trojan infections, with victims' daily cries on the forums for help to remove this malware.

Our researchers at Lavasoft are also in a constant battle with this Internet nasty, finding new variants of the Zlob family of Trojans and putting them into detection daily.

The best method for prevention is simple: user awareness. Take a look at a few more Zlob prevention tips, below.

  • Read End User License Agreements. Read EULAs and privacy statements carefully before installing anything on your computer. If the EULA is hard to find or difficult to understand, reconsider installing the software. By not fully reading the EULA, you may agree to questionable activities by the software vendor and even to installing spyware and adware on your computer.
  • Use up-to-date real-time protection. Real-time protection is key in keeping malware off of your system. Try Ad-Aware 2007 Plus or Pro - both include the Ad-Watch real-time monitor which proactively detects malware and parasites before they install on your PC.
  • Be leery of adult content videos. Zlob Trojans often masquerade as codecs needed to view pornographic videos. If you see a link for "free porn," chances are it's a sure way to get your PC infected.
  • Watch out for fake anti-spyware software. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
  • Verify files before downloading.  Do not download software or a file without knowing exactly what it is. If you are unsure about a certain download, verify it by using an online virus scanner site or check with an expert at an online security forum, like Lavasofts Support Forums.