zCodec Video Codec Is a Trojan

Posted by kdawson
from the who-is-watching-whom? dept.
Bride of Chucky writes "There's a new video codec out there that claims to offer 'up to 40 percent better video quality' but that resets your computer's DNS settings — opening the way for Trojans, rootkits, or whatever. Techworld warns that zCodec looks professional enough, is widely available, and comes in at 100KB. What's the bet the media companies are behind this somewhere?"
This discussion has been archived. No new comments can be posted.
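
The summary says the installer resets the computer's DNS settings. One defender-side check for that, added here as an example and not part of the original story or its comments: parse English-language `ipconfig /all` output and flag every configured resolver that is not on an expected list. The sample output, addresses and allowlist are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output (not from a real host). The second
# adapter has resolvers that are not on the allowlist below.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION-01

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Constructed Ethernet NIC
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.23
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       198.51.100.53

Ethernet adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Constructed Wireless NIC
   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.24
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       203.0.113.67
"""

# Assumption: the resolvers this site expects (its router and its ISP).
ALLOWED_RESOLVERS = ["192.168.1.1/32", "198.51.100.53/32"]

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[\s.]*:(?:\s+(.*))?$")


def parse_dns_servers(text):
    """Return {adapter name: [resolver addresses]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        field = FIELD_RE.match(line)
        if field:
            in_dns = field.group(1).strip() == "DNS Servers"
            value = (field.group(2) or "").strip()
        elif in_dns and line.strip():
            value = line.strip()  # continuation line: second and later resolvers
        else:
            continue
        if in_dns and adapter and value:
            result[adapter].append(value)
    return result


def find_unexpected_resolvers(dns_by_adapter, allowed_networks):
    """Return (adapter, resolver, reason) for each resolver outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for adapter, servers in dns_by_adapter.items():
        for server in servers:
            try:
                addr = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 zone id
            except ValueError:
                findings.append((adapter, server, "unparseable"))
                continue
            if not any(addr.version == n.version and addr in n for n in allowed):
                findings.append((adapter, server, "not in allowlist"))
    return findings


if __name__ == "__main__":
    parsed = parse_dns_servers(SAMPLE_IPCONFIG)
    for finding in find_unexpected_resolvers(parsed, ALLOWED_RESOLVERS):
        print("%s: %s (%s)" % finding)
```
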

  • by Spazntwich (208070) on Monday September 04, 2006 @05:13PM (#16040067)
    I'd give a lot more consideration to an enterprising spammer/botnet advertiser being behind this.

    Follow the money. The MPAA has plenty to make off p2p lawsuits to risk the kind of bad press and fines they'd get by doing something like this.

    Basically, the submitter is an irrational idiot pandering to the anarchist conspiracy theorists in an attempt to start a flamewar. Congratulations, you've probably got it.
    • I agree with you. There are plenty of trojans out there other than condoms; why would this one be a corporate conspiracy? A quick Google search [google.com] shows that this is nothing new. I think that companies learned their lesson from Sony's rootkit fiasco.
      • Yeah now they're waiting for Vista.
    • by MustardMan (52102) on Monday September 04, 2006 @05:26PM (#16040133)
      While I agree that the submitter is probably full of shit... your argument is kind of weak. Try a little word-replacement and see what you get...

      "Follow the money. Sony has plenty to make off hardware and music sales to risk the kind of bad press and fines they'd get by installing a rootkit on your computer"

      Sony makes a whole fuckload more money from their products than the MPAA gets from suing grandmothers, and that sure didn't stop them from one of the biggest PR blunders by a tech company in recent memory.

      It's far more likely that a script kiddie or spammer type is responsible... but I would NOT put this sort of thing past the shitbags at the MPAA.
      • by MustardMan (52102)
        After R'ing TFA, I'd say the submitter is almost certainly fulla shit, only because this thing looks like it's chock full of malware elements. That being said, I still wouldn't put it past the MPAA to try to pull something similar.
      • by in2mind (988476)
        Sony makes a whole fuckload more money from their products than the MPAA gets from suing grandmothers, and that sure didn't stop them from one of the biggest PR blunders by a tech company in recent memory.

        FYI - Sony has been making loss in the recent years - until this year.

      • No, especially if you _do_ follow the money, that's a dumb analogy. Yes, please do follow the money:

        - Sony's music division makes money by, you know, selling CDs. The Sony "rootkit" was a piece of copy-protection software which was supposed to help sell more CDs. It wasn't just some piece of wanton malware, and indeed the malware uses were simply because it was designed and programmed by the cheapest incompetent monkeys. But at any rate, its purpose was to make more money for Sony.

        - This codec is just a wan
    • Re: (Score:3, Insightful)

      by kripkenstein (913150)
      I'd give a lot more consideration to an enterprising spammer/botnet advertiser being behind this.

      Exactly.

      We have no evidence for the media corporations being involved in such actions; and it wouldn't make much sense for them to do so, either. This adware will make money; money is something that media companies already have, but adware companies constantly work to get. What the media companies need is not more money, but to scare people off of using p2p software - and this isn't the way to do that. No,
    • Re: (Score:3, Insightful)

      by svunt (916464)
      Basically, the submitter is an irrational idiot pandering to the anarchist conspiracy theorists in an attempt to start a flamewar.
      Wow, is this an extension of an eye for an eye? Now we're up to 'a kneejerk asstard for a kneejerk asstard'. The submitter has as much right to make stupid links between some malware and the **AA as you have linking his silly analysis to anarchism.
    • Re: (Score:2, Interesting)

      by zarozarozaro (756135)
      Maybe it is Abrahamen Biderman... http://www.networksolutions.com/whois/index.jsp [networksolutions.com] zcodec.com
  • What! (Score:5, Funny)

    by Funkcikle (630170) on Monday September 04, 2006 @05:13PM (#16040071)
    40% better video performance but NO LINK TO IT? Come on!
    • Re:What! (Score:5, Funny)

      by JonWan (456212) on Monday September 04, 2006 @05:31PM (#16040171)
      here it is :http://www.zcodec.com/index.html [zcodec.com]

      But it doesn't run on Linux.
      • Re:What! (Score:5, Insightful)

        by gEvil (beta) (945888) on Monday September 04, 2006 @05:45PM (#16040249)
        From the summary: "zCodec looks professional enough..."

        So I clicked on the zcodec.com link above and the first thing I noticed was the use of some copyrighted movie posters on their page. And then I saw the link for the "therms of use." "Professional enough" indeed...
        • It's spelled "provisional".
        • Re: (Score:2, Funny)

          by MrYotsuya (27522)
          And then I saw the link for the "therms of use." "Professional enough" indeed

          Hey now, be nice. People with lisps can be professionals too.
        • by hackstraw (262471) *
          So I clicked on the zcodec.com link above and the first thing I noticed was the use of some copyrighted movie posters on their page. And then I saw the link for the "therms of use." "Professional enough" indeed...

          Yeah, I saw the "therms of use page" linky here: http://www.zcodec.com/therms.html [zcodec.com] -- notice that the web page is therms.html . At least they are consistently wrong :)

          I thought it kinda looked OK, but I noticed there was not FAQ, and there was no info on what to do with said codec. Hey, its only
          • by DF5JT (589002)
            It gets better.

            If you take a look at the license agreement, you will find that the last paragraph named "ENTIRE AGREEMENT" contains a link, pointing to http://www.vcodec.com/terms.html [vcodec.com]

            That link leads you to an advertisement page containing three ads, the second of which has this:

            Remove Vcodec Now
            Remove Vcodec Spyware Forever. Scan Now. Takes 3 Mins. Gone.
            www.AdwareAlert.com

            Go figure...
        • by Fulkkari (603331)

          If you do a reverse lookup on www.zcodec.com (85.255.117.106), you'll get "85.255.117.106-xbox.dedi.inhoster.com". That doesn't sound right for a legit download. Not that you'd normally do such lookups...

        • I use cubic metres, you insensitive clod!
      • by dwandy (907337)
        I think the best part is the " Therms of use " link...
        • by whoever57 (658626)
          I think the best part is the " Therms of use " link...
          Does that mean I have to pay PG&E (Pacific Gas and Electricity) to use it... oh wait. I do already!

          But on a more serious note, since the operation of the "codec" is misrepresented, I wonder how enforceable the terms are? Especially the "no reverse engineering" restriction (which is invalid in some states anyway).

        • Re:What! (Score:5, Funny)

          by BlackHat (67036) <.moc.liamg. .ta. .blackhaT.> on Monday September 04, 2006 @06:24PM (#16040447) Journal
          Forgetting to change
          http-//www.vcodec.com in it{see last line of 'therms'} to zcodec.com is the best laugh I've had today.
      • by whoever57 (658626)
        But it doesn't run on Linux.
        Are you sure? I have this package called "win32codecs" on my system, as well as Wine. Surely I can get it to run?
        • by JonWan (456212)
          Well it will install under wine, I just did it. But the only thing I can find in my .wine c_drive folder is a dir called HQ codec and the files register.exe, Uninstall.exe. Register.exe crashes wine, and Uninstall.exe removes the HQ codec directory and the start menu links. I don't have a real install of windows and so far that's all I can find on my system. I'll dig around but it didn't appear to send any data out when I ran either exe. Maybe register.exe is it and it crashed before it could do anything. I
          • by JonWan (456212)
            Oops, never depend on their log. It doesn't delete anything except Uninstall.exe; register.exe is still there. Hmmmm
  • Huh? (Score:5, Insightful)

    by WD (96061) on Monday September 04, 2006 @05:13PM (#16040073)
    What are "the media companies" and why would they be behind this?
    • What are "the media companies" and why would they be behind this?

      The article was posted by a 'kdawson', I bet that's the new guy.

      We all know that Taco and his crack team of editors would never let such an unfounded and inflammatory statement on the front page of this outstanding news establishment.

      So cut the guys some slack. After all, I bet you this Dawson kid will be reprimanded and articles will be back to the high standard of journalism we're used to in no time.

  • Is there any evidence that they are behind this codec?

    Don't you think that after the Sony rootkit most companies wouldn't bother with such schemes....
    • by TheLink (130905)
      After the sony rootkit thing, who was charged with unauthorized tampering with computers? Which individuals were punished?

      Just because I let you into my house to install a CD player doesn't mean you should unlatch the backdoor, open windows, even if you give me a stupid piece of paper to sign with lots of fine print saying that you can do that sort of stuff.

      Maybe that's legal in the USA, but I think it's not in other countries, and AFAIK the Sony rootkit has affected other countries, so why hasn't anyone be
  • Gimme an S. (Score:2, Redundant)

    by uncoveror (570620)
    Gimme an S.

    S!

    Gimme an O.

    O!

    Gimme an N.

    N!

    Gimme a Y

    Why? They put rootkits on CDs. They are just the kind of company that would make a video codec that is a trojan.
  • Hmm. (Score:5, Insightful)

    by TheRaven64 (641858) on Monday September 04, 2006 @05:25PM (#16040127) Journal
    What's the bet the media companies are behind this somewhere?

    A tin-foil hat is a mark of someone who can, in all seriousness, say 'if it looks like a duck, and quacks like a duck, then it must be a concealed listening device placed by the government under the instruction of the military-industrial complex and funded by the media industry.' The poster should wear his with pride.

    • by thelost (808451)
      if its quack echoes then it *is* a duck, otherwise it's time to make like a tree and go.
    • by nurb432 (527695)
      But that doesn't mean he's wrong.

      Sometimes the paranoids are right. Don't discount them so quickly.
  • by AgentPaper (968688) * on Monday September 04, 2006 @05:27PM (#16040139)
    ...user stupidity makes a dandy explanation. If there is a universal truth in today's networked world, it is that the gullibility of the average Netizen knows no bounds. I'd be willing to bet that you could write a program that claims to turn your printer into a replicator, and some doofus would buy it.

    This ranks right up there with the scores of malware programs that pretend to be malware removers. I assume the original poster would have us believe that all those are really written by the likes of Symantec and McAfee?

    • Re: (Score:2, Insightful)

      This ranks right up there with the scores of malware programs that pretend to be malware removers. I assume the original poster would have us believe that all those are really written by the likes of Symantec and McAfee?

      What, like Norton Antivirus? It's often installed without you asking for it, it consumes vast amounts of resources, it embeds itself into your operating system's interface, it hides itself from other programs, it phones home regularly, and it's extremely difficult to remove.
    • Don't underestimate how disconnected from reality or logic conspiracy theorists can be. There _are_ people who believe that PC viruses are written by antivirus companies, human/animal diseases are created in the lab by big pharma corporations, fires are started by the firemen, etc. It's the "follow the money" kind of conspiracy theory. And don't get me wrong, "follow the money" is generally good advice, but some people are too stupid or too schizophrenic to actually successfully follow the money... or any co
      • The voices said that you were wrong and they wouldn't talk to you. There is no way you could ever figure out the secrets on your own so you're just plain screwed unless the voices change their minds, but that wouldn't happen because they only talk to me!
  • This is another great example of how lack of technical knowledge can be used to take advantage of "home users".

    Joey Dell doesn't see the difference between technical details of OSS and Proprietary Software, all he sees is the malware being marketed as "Faster Smaller Better"
  • by knightmad (931578) on Monday September 04, 2006 @05:29PM (#16040160)
    Will it run on Linux? We don't want to feel left out again. These damned malware-laden proprietary crap!
    • Linus had enough trouble debugging the kernel to get the last lot of malware working, and these virus writers aren't exactly playing fair and giving him the interface specs, or any cash to do the porting work. Sheesh! Virus writers must think those kernel guys are made of money or something.
  • Oh please... (Score:5, Insightful)

    by kentrel (526003) on Monday September 04, 2006 @05:30PM (#16040164) Journal
    What's the bet the media companies are behind this somewhere?

    That's incredibly presumptuous and a completely baseless accusation. There are lots of people who can clearly benefit from trojans, and someone obviously has seen the potential in video codecs as a nice "social engineering" way of fooling the gullible masses into downloading them. The average person generally searches for video codecs once in a blue moon - they have no way of knowing which sites are legitimate, or which files are legitimate. They'll download whatever sounds promising. In fact, the website looks far more legitimate than some of the genuine codec sites out there.

    Smarter users might do regular intensive searching to make sure they are getting a legitimate file, but the average user will not. It's far more likely that the author of this trojan is just exploiting the fact that so many users of codecs are clueless than yet another paranoid conspiracy that the media companies are behind it. Really, will the slashdot editors ever get over their bias and just print actual NEWS.

  • by Lord Apathy (584315) on Monday September 04, 2006 @05:30PM (#16040165)

    Enough is enough. A message needs to be sent to these bastards. Suing and fines only do so much. They fine these bastards, they file for bankruptcy and it's over. They close the company and the fines and suits go away. Can't sue what doesn't exist and current corp. laws protect us from going after personal assets.

    Time to bring some real charges against these fuckers and send a few of them to prison for a good long stretch. And I'm not talking 6 months in a jail with 500 hours of community service. I'm talking 10 years in maximum security.

    I know some people say the punishment doesn't fit the crime but I think it's time it did. If we would have locked up some of them bastards from Sony then I bet this one wouldn't happen.

  • by Desolator144 (999643) on Monday September 04, 2006 @05:31PM (#16040167)
    www.zcodec.com registrant info:

    ZCodec Inc

    Abrahamen Biderman

    webmaster@zcodec.com

    5624 17th Ave

    Brooklyn

    New York

    NY,11204-1834

    Tel. +718.2364275

    Creation Date: 23-Dec-2005

    Expiration Date: 23-Dec-2006

    Okay first of all, it was registered almost a full year ago and second, even now I could probably drive to his house/office (assuming that info is accurate) and arrest him myself faster than the FBI could. Why does everyone always sit around and do nothing when stuff like this happens? Someone should at least give him a call :-) It's not even nigeria this time, how expensive could it be?

    • Re: (Score:2, Interesting)

      by TaoPhoenix (980487)
      I'm guessing the info is fake. (What are the penalties for faking WhoIs info?)

      Yahoo turned up the following:

      Amilcar Perez

      7319 13th Ave
      Brooklyn, NY (map)

      Tel.: (718) 236-4275

      Does that help anyone?
    • The info in DNS is most likely fake.

      Info on Forbes [forbes.com] of the real guy. I doubt a stock broker would have much to do with a scheme like this.
  • No bet... (Score:3, Insightful)

    by drinkypoo (153816) <martin.espinoza@gmail.com> on Monday September 04, 2006 @05:31PM (#16040170) Homepage Journal
    ...because even if it were true, we'd likely never see proof. As such, that kind of speculation in a story submission is immature on the part of the submitter and allowing it to go out unedited is irresponsible of the editor. (Bonus points if they're the same person, I didn't check.)
  • "The media companies are behind this"? Are you letting twitter [slashdot.org] loose on the Submit Story function now?

    Whoever wrote that needs their heads checking.
  • by Animats (122034) on Monday September 04, 2006 @05:54PM (#16040282) Homepage

    Looks like this is coming from a known source of spyware in Ukraine, "Inhoster.com".

    "zcodec.com" is actually "85.255.117.106-xbox.dedi.inhoster.com", a dedicated server at a "nlayer.net" colocation site in San Francisco. The dedicated server appears to be associated with "atrivo".

    Both "inhoster.com" and "atrivo" appear to be "pseudo-ISPs"; they have web sites that look like those of an ISP, but they don't really offer services for sale. Both have bad reputations: see "Spywarequake Scam on the Run" [netrn.net]. The previous attacks were based on phony anti-spyware programs. Now that people are wise to that one, the new frontier is apparently phony codecs.

    The WHOIS information for "zcodec.net" appears to be bogus. It's given as "Abrahamen Biderman" at "5624 17th Ave, Brooklyn, New York". There is an "Abraham Biderman" with an office at 5624 17th Ave, Brooklyn, New York, and he's a political figure and investment banker [forbes.com], with a career running major financial institutions. Probably not behind some two-bit spyware scam.

    • Perhaps someone should notify him. Sounds like he might have enough $$ clout to be heard when he finds out how his identity has been 'stolen' (used w/o his permission) to perpetrate this sort of internet scam.

      Mycroft
      • by Inda (580031)
        And I nominate that person to be you! All those in favour raise their hands.

        Anyway, Abraham Biderman sounds like a bogus name for someone running major financial institutions. Ivor Bidalot would have been more believable.
  • by gsn (989808) on Monday September 04, 2006 @06:08PM (#16040350)
    wow a codec is spyware - inconceivable!!! Who the heck told you to download an unheard of codec which you probably didn't need. The vast majority of spyware is around because people download things they don't actually need from an untrusted third party source. I can't begin to count the number of computers I've had to fix because some twit downloaded a codec pack or opened an scr file in their email or downloaded some game crack to pirate a game and found it installed bonzi buddy.

    Virtually every bloody codec pack you could download contained spyware/adware - some of them put in by the developers themselves. I've got some lovely versions of Nimo, K-lite and gordian knot to prove it. Hell, DivX pre 5.2 had GAIN in it and if you didn't know where to look on their website you had no way of finding the version without it (it didn't have the encoder so wasn't gain supported). VLC is all I download for video playback now. If they don't support it I don't need to watch it - I've an flv file converter for those of you who know how to download the dang yourtube/google videos that vlc can't handle perfectly.

    Learnt the hard way not to download things from any third party site even if it's trusted back in high school. I run XP because I like playing games. If I had a tinfoil hat I'd read the source and then compile and do MD5 checks but I'm lazy and will take the binary packages, and I suspect one day I will pay for that laziness, despite my use of Tea Timer and the Spybot S&D hosts file and immunization database, Lavasoft's ad aware, windows defender and rootkit revealer, hijack this, peer guardian 2, and spyware blaster. One day I will be an idiot and download a binary with some spyware that is still under the radar for all of these and I will be pissed when I realize it. At least, I will realize it, but most users won't.
    • by pbhj (607776)
      >>> Who the heck told you to download an unheard of codec

      Usually that would be Windows Media Player. I wonder if they can create a video file that forces WMP to get this codec? Then it's just a case of releasing george_bush_naked.avi (ewww) on bittorrent and let the trojan horses run/roll.
  • by ericdano (113424) on Monday September 04, 2006 @06:08PM (#16040353) Homepage
    I bet PC [apple.com] will be pissed. Poor guy. Spyware, Viruses, physical damage and now....this?
  • Why take the detour? (Score:3, Interesting)

    by Opportunist (166417) on Monday September 04, 2006 @06:09PM (#16040362)
    When the straight line connects much better?

    Music companies have huge legal departments that can (and do) get their info from ISPs with subpoenas. Trojan distributors are constantly trying to find new ways to push their junk onto your computer, often by paying heavily for 0day exploits.

    Who is more likely to buy a "cheap" way to bug your PC?
  • This isn't news - "codecs" have been used for years as spyware/trojan droppers. Great social engineering - "hey, to view this porn, you need to install this codec". It's sufficiently tech sounding, and computery to sound believable, so it works.

    --Simon
  • by jasonfrog (882259) on Monday September 04, 2006 @07:40PM (#16040812)
    and there is more, http://www.pcodec.com/ [pcodec.com]

    the same blurb, different .exe, but again packed full of trojans.

    Domain Name: PCODEC.COM
    Creation Date: 25-Aug-2006
    Expiration Date: 25-Aug-2007

    People are being enticed into downloading this codec by the following posting that is being spambotted on to public forums that allow guest posting..

    "Br1tney Spe@rs r@ped! ;)
    http://britneyspearsrocks.info/ [britneyspearsrocks.info]"

  • Their TOS seems to hide the facts by masking it as a "security feature" instead of spyware. Look carefully at the TOS:


    (a) "Internet Explorer Security Plugin 2006": Internet Explorer toolbar that protects your computer while you browse by setting high level of security for suspicious hosts.
    (b) "Public Messenger ver 2.03": Popup advertising module that opens Internet Explorer ad windows when you are connected to internet.
    (c) "Internet Security Add-On": your Internet Explorer homepage will be changed.
    (d) Secu
  • What the hell does that mean? How do you know if something looks "professional"? Are you checking to see if it's a full-time business vs a hobby, or some kind of test like that?

    Sometimes I think "professional" is one of the dumbest and most-abused (to the point of being rendered meaningless) words in our language. We're seeing it used here as implying lack of spyware (wtf does that have to do with getting paid?!) and it has often been used to describe how someone dresses. What a great word for saying not
