Another fake codec site

Got a tip today about another fake codec site: keycodec(dot)com

The download is another in the TrojanDownloader.Win32.Zlob family, but the scary part is the "Terms of Use"

SOFTWARE INSTALLATION: Components bundled with our software may report to Licensor and/or its affiliates the installation status of certain marketing offers, such as toolbars, and also generalized installation information, such as language preference and operating system version, to assist Licensor in its product development. No personal information will be communicated to VIDEOKEYCODEC or its affiliates during this process. Licensor may offer additional components through our version checking/update system. These components include:
(a) "Internet Explorer Security Plugin 2006": Internet Explorer toolbar that protects your computer while you browse by setting high level of security for suspicious hosts.
(b) "Public Messenger ver 2.03": Popup advertising module that opens Internet Explorer ad windows when you are connected to internet.
(c) "Internet Security Add-On": your Internet Explorer homepage will be changed.
(d) Security software: antivirus/antispyware application.

http://whois.domaintools.com/keycodec.com
They only registered 3 days ago and already they are in "Blacklist Status"

The item (d) above mentions – Security software: antivirus/antispyware application which is usually one of the variants from the Innovative Marketing Group (remember WinFixer)
winantispyware(dot)com
winantivirus(dot)com
systemdoctor(dot)com
errorsafe(dot)com
drivecleaner(dot)com

Speaking of WinFixer … looks like they are being sued, although after reading the complaint it appears to be a weak case due to lack of research on the proper parties involved?

You can add the following to your HOSTS file until an update is released …
127.0.0.1  www.keycodec.com #[TrojanDownloader.Win32.Zlob.a]

 



Leave a Reply

*