zCodec Video Codec Is a Trojan

Bride of Chucky writes "There's a new video codec out there that claims to offer 'up to 40 percent better video quality' but that resets your computer's DNS settings — opening the way for Trojans, rootkits, or whatever. Techworld warns that zCodec looks professional enough, is widely available, and comes in at 100KB. What's the bet the media companies are behind this somewhere?"
  • by Desolator144 ( 999643 ) on Monday September 04, 2006 @06:31PM (#16040167)
    www.zcodec.com registrant info:

    ZCodec Inc
    Abrahamen Biderman
    webmaster@zcodec.com
    5624 17th Ave
    Brooklyn
    New York
    NY,11204-1834
    Tel. +718.2364275
    Creation Date: 23-Dec-2005
    Expiration Date: 23-Dec-2006

    Okay, first of all, it was registered almost a full year ago, and second, even now I could probably drive to his house/office (assuming that info is accurate) and arrest him myself faster than the FBI could. Why does everyone always sit around and do nothing when stuff like this happens? Someone should at least give him a call :-) It's not even Nigeria this time; how expensive could it be?

  • by Animats ( 122034 ) on Monday September 04, 2006 @06:54PM (#16040282) Homepage

    Looks like this is coming from a known source of spyware in Ukraine, "Inhoster.com".

    "zcodec.com" is actually "85.255.117.106-xbox.dedi.inhoster.com", a dedicated server at a "nlayer.net" colocation site in San Francisco. The dedicated server appears to be associated with "atrivo".

    Both "inhoster.com" and "atrivo" appear to be "pseudo-ISPs"; they have web sites that look like those of an ISP, but they don't really offer services for sale. Both have bad reputations: see "Spywarequake Scam on the Run" [netrn.net]. The previous attacks were based on phony anti-spyware programs. Now that people are wise to that one, the new frontier is apparently phony codecs.

    The WHOIS information for "zcodec.net" appears to be bogus. It's given as "Abrahamen Biderman" at "5624 17th Ave, Brooklyn, New York". There is an "Abraham Biderman" with an office at 5624 17th Ave, Brooklyn, New York, and he's a political figure and investment banker [forbes.com], with a career running major financial institutions. Probably not behind some two-bit spyware scam.

  • by ShaunC ( 203807 ) on Monday September 04, 2006 @07:11PM (#16040370)
    4.2.2.1 to 4.2.2.6 are public nameservers operated by Verizon.
  • by flooey ( 695860 ) on Monday September 04, 2006 @07:12PM (#16040381)
    "Also, there is no 17th Ave in Brooklyn."

    Actually, there is [google.com]. One of the oddities about New York City is that a mailing address of New York, NY means Manhattan. To properly address something in Brooklyn (and thus for Google Maps to find it) you need to use Brooklyn, NY.
  • 4.2.2.2 (Score:5, Informative)

    by MillionthMonkey ( 240664 ) * on Monday September 04, 2006 @07:14PM (#16040392)
    There is a legitimate DNS server sitting at 4.2.2.2. I think it belongs to GTE (now Verizon). It has the misfortune of having an easy IP address to remember. In a pinch, if you can't remember the IP of your own DNS, there's always 4.2.2.2. Most people who use it have it as their alternate DNS. Verizon likes to give it names like i-will-not-steal-service.sys.gtei.net.

    You've already gotten a reply to your original post that indicates at least one other person has seen this happen to their DNS settings. If I'd never typed in 4.2.2.2 myself, and I had no previous business relationship with Verizon or GTE, I'd call shenanigans. A malware writer needing to disable automatic DNS for some reason would have to specify a replacement IP and 4.2.2.2 is convenient to hard code.
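As an added illustration, not code from the article or from any commenter: a small defender-side check that parses `ipconfig /all` output and flags any adapter whose resolvers fall outside an expected list, so a silent swap to an address like 4.2.2.2 stands out even though that server itself is legitimate. The sample output and the expected resolver set are constructed assumptions.

```python
import re

# Constructed `ipconfig /all` excerpt (not from a real host): the wired adapter's
# resolvers have been swapped for 4.2.2.2 / 4.2.2.1, as the thread describes.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 4.2.2.2
                                       4.2.2.1

Ethernet adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 10.0.0.1
"""

ADAPTER_RE = re.compile(r"^\S.*adapter (.+):$")               # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s+([A-Za-z][^.:]*?)[ .]*: ?(.*)$")  # "Name . . . : value"
CONT_RE = re.compile(r"^\s{20,}(\S+)\s*$")                    # extra servers on bare lines

def parse_dns_servers(text):
    """Map each adapter name to the list of DNS servers ipconfig reports for it."""
    servers = {}
    adapter, in_dns = None, False
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            adapter, in_dns = m.group(1), False
            servers[adapter] = []
        elif adapter is None:
            continue                      # global header section, no adapter yet
        elif m := FIELD_RE.match(line):
            in_dns = m.group(1).strip() == "DNS Servers"
            if in_dns and m.group(2).strip():
                servers[adapter].append(m.group(2).strip())
        elif in_dns and (m := CONT_RE.match(line)):
            servers[adapter].append(m.group(1))   # continuation line of DNS Servers
        else:
            in_dns = False                # blank line or other text ends the field
    return servers

def find_resolver_changes(text, expected):
    """Adapters whose resolvers include any address outside the expected set."""
    changes = {}
    for adapter, srv in parse_dns_servers(text).items():
        if bad := [s for s in srv if s not in expected]:
            changes[adapter] = bad
    return changes
```

Run it against real output with `find_resolver_changes(subprocess.check_output(["ipconfig", "/all"], text=True), {"10.0.0.1"})`, substituting the resolvers your network actually hands out.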
  • Re:Use Linux (Score:4, Informative)

    by rm69990 ( 885744 ) on Monday September 04, 2006 @07:19PM (#16040429)
    Or use Windows and don't download dangerous software. Any piece of software with a set of "therms of use" should be avoided (see the software's home page to know what I'm talking about). Or of course buy a Mac (sorry, Apple fanboy here :-P)
  • by jasonfrog ( 882259 ) on Monday September 04, 2006 @08:40PM (#16040812)
    And there is more: http://www.pcodec.com/ [pcodec.com]

    The same blurb, different .exe, but again packed full of trojans.

    Domain Name: PCODEC.COM
    Creation Date: 25-Aug-2006
    Expiration Date: 25-Aug-2007

    People are being enticed into downloading this codec by the following posting that is being spambotted on to public forums that allow guest posting.

    "Br1tney Spe@rs r@ped! ;)
    http://britneyspearsrocks.info/ [britneyspearsrocks.info]"

  • by nitehawk214 ( 222219 ) on Tuesday September 05, 2006 @12:08AM (#16041901)
    The info in DNS is most likely fake.

    Info on Forbes [forbes.com] of the real guy. I doubt a stock broker would have much to do with a scheme like this.
