Trojan.Emcodec.E
From Wikipedia, the free encyclopedia
Trojan.Emcodec.E is a trojan horse that is mis-represented as an audio/video codec for Windows-based PCs. It exists in various variants with names such as Media Codec, Ecodec, Imediacodec, IntCodec, Pcodec, SVideocodec, Video iCodec, QualityCodec, Vcodec, Zip Codec, zCodec, ZCODEC[1][2] and began to be widely used in spring 2005.
When visiting certain web sites, in particular pornographic sites, and attempting to view a video file on the site, the user will be directed to download this software, purportedly in order to allow viewing of the video. Furthermore, a number of websites have been set up to mis-represent this malware as a legitimate codec, inviting the users to download the software, allegedly to allow for the playback of certain audio/video which claims to use the so-called codec.
Once executed, the trojan copies a program into the Program Files folder, changes some registry keys and displays a fake EULA for the supposed codec.[3]
zCodec reportedly changes the machine's DNS settings, monitors the user's browsing and acts as adware.[4]
Some versions of the trojan install malware called Zlob, which in turn may lead to the installation of malicious and fake "security programs" such as SpywareQuake, SpyFalcon, WinAntiVirusPro or other malware; some variants also install a backdoor into the infected computer.[5]
[edit] References
- ^ CounterSpy research center on Vcodec
- ^ Lavasoft News September 2006
- ^ Symantec information on Trojan.Emcodec.E
- ^ Techworld report on zCodec, 4 September 2006
- ^ CounterSpy research center on Zlob/Media Codec
[edit] External links
- Fake home pages, misrepresenting the trojan as a legitimate codec:
- Removal tools:
Categories: Trojan horses | Adware | Spyware | Rootkits