Codec sites and why they exist

Landing on “sexy-party(dot)net” the visitor is presented with about 40 large clickable adult images (no other content) which if clicked redirects to another site (example) “fan-porn(dot)com” that urges the user to click here for free Movies. As I’ve pointed out many times before these “free movies” are more than you bargained for …



Fortunately IE7 prevents the automatic loading of the Trojan.Codec file, because it certainly downloads without even clicking the “click here” link above … IE6 users will not be so fortunate and should upgrade …



There are hundreds of related sites that all contain the same redirect, and the visitor is usually infected with a Rootkit and a whole host of other malware. Lately the Antivirus detects are running sadly at about 30% … so do not depend on your AV to catch these type infections.


What’s worse the majority of these “Codec/Zlob” related sites are run by the same people. They register hundreds of new domains at a time to avoid detection or being shut down by their Hosting company. Now the folks at CastleCops (MIRT Team) do a good job of sending abuse reports to these ISPs trying to get these sites shut down.


The sad part is they (ISPs) may shut down these sites one-at-a-time, but they continue to allow the same people to just register another site and resume with their activities …



As you can see above “hotelcodec(dot)com” existed for only a few days, then the traffic was picked up by “totalcodec(dot)com” then shut down, and on and on … now it’s “vivacodec(dot)com” … all registered by the same person … duh! If these hosting companied really wanted to make a difference they would not allow these guys to keep registering new sites.



Leave a Reply