Swatkat's rants

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Saturday, 6 September 2008

Fake Windows Media Player!

Posted on 01:40 by Unknown
Here's a rogue website which fakes Windows Media Player. This time, gang behind these websites has given good amount of attention-to-detail for their fake Windows Media Player. This fake player initially tries to "search" for codecs in update.microsoft.com and then offers a codec (fake, obviously!) for download. Here are some of the screenshots of fake player:







The codec is named as Megazcodec and is hosted at http://megazcodec.com. Megazcodec is yet another Zlob/DNSChanger variant; however it is not well detected as of now. The VirusTotal report is as shown:

File megazcodec.v3.104.exe
AntiVir 7.8.1.28 - TR/Dropper.Gen
BitDefender - Trojan.DNSChanger.VD
Ikarus - Win32.SuspectCrc
Sunbelt 3.1.1610.1 - Media Code, Inc (v)
Webwasher-Gateway - Trojan.Dropper.Gen

Complete VirusTotal scan result can be found here.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Ax Video Plugin
    Ax Video Plugin is one of the latest fake codec/plugin in the block. The site http://axvideodownload.com/ uses the same old fake "Vide...
  • Spyware Guard 2008
    Spyware Guard 2008 is a new rogue application. Does that name sound familiar? Well, yes, there is a legitimate application named SpywareGuar...
  • Javacool EULAlyzer!
    Have you ever read those ultra-long EULA (End User License Agreement) pages while you are installing any software? I think no one will read ...
  • Zlob brings back fake MP3s!
    Last August, I had blogged about Zlob gang using fake MP3 download sites to push their malware (link here ). Afterwards, we started to see m...
  • Myphonegames.co.uk hacked?!
    It seems that some pages of a mobile-phone games website www.myphonegames.co.uk have been hacked to execute malicious looking Javascript. A...
  • twitcurl - C++ twitter API library
    twitcurl is an open-source pure C++ library for twitter REST APIs. Currently, it has support for most of the twitter APIs and it will be upd...
  • DomPlayer - Rogue Multimedia Player
    DomPlayer is a new rogue multimedia player on the loose. The gang behind DomPlayer is making use of fake video files (available as torrents)...
  • Some new malware - a.exe, gop.exe etc
    We have some "new" malware this time, ranging from trojans to rootkits. One of them is a trojan which detected by some of the AVs ...
  • ThinkPoint rogue antivirus
    ThinkPoint is a new addition to the long list of rogue antivirus programs. ThinkPoint uses fake codec download tricks for its distribution. ...
  • Removing Mailbot.AZ (aka Rustok.A) Rootkit
    Mailbot.AZ (also known as PE386 or Rustock.A) is a kernel mode rootkit backdoor virus. It contains only one file-its driver-and it is stored...

Categories

  • a.exe
  • Autohotkey
  • C++
  • fake mp3 downloads
  • gop.exe
  • NewMediaCodec
  • OAuth
  • Orkut hating virus
  • Privacy Protector
  • rootkit
  • SysProt AntiRootkit
  • TDSServ rootkit removal
  • twitCurl
  • twitter
  • Udefender
  • Ultimate Cleaner
  • vdo_
  • Zlob
  • Zlob rootkit

Blog Archive

  • ►  2013 (1)
    • ►  June (1)
  • ►  2010 (6)
    • ►  October (2)
    • ►  September (2)
    • ►  July (1)
    • ►  April (1)
  • ►  2009 (12)
    • ►  September (1)
    • ►  May (1)
    • ►  April (1)
    • ►  March (4)
    • ►  January (5)
  • ▼  2008 (44)
    • ►  December (6)
    • ►  November (6)
    • ►  October (4)
    • ▼  September (15)
      • Zlob fake codec updates
      • Zlob fake codec updates
      • Zlob fake codec updates
      • Total Secure 2009 and Google search poisoning
      • Zlob fake codec updates
      • More fake MP3 download sites
      • Zlob fake codec updates
      • Zlob fake codec updates
      • AntiVirus 2009 updates
      • Antispyware Pro XP
      • Zlob fake codec updates
      • PrivateContent and fake Google Toolbar BHO
      • Fake Windows Media Player!
      • Zlob fake codec updates
      • Windows Filtering Platform (WFP) user mode examples
    • ►  August (2)
    • ►  June (2)
    • ►  May (1)
    • ►  April (1)
    • ►  March (6)
    • ►  January (1)
  • ►  2007 (38)
    • ►  December (1)
    • ►  November (2)
    • ►  October (9)
    • ►  September (2)
    • ►  August (8)
    • ►  July (11)
    • ►  June (3)
    • ►  March (2)
  • ►  2006 (6)
    • ►  September (1)
    • ►  August (2)
    • ►  May (1)
    • ►  February (2)
  • ►  2005 (30)
    • ►  December (2)
    • ►  November (2)
    • ►  October (4)
    • ►  September (5)
    • ►  August (11)
    • ►  July (6)
Powered by Blogger.

About Me

Unknown
View my complete profile