Wondering how people get to these bogus security sites and download junk like SpyAxe?

Patrick Jordan and Adam Thomas on our spyware research team have been investigating Vcodec.com. The site offers a program that it describes this way: “VCodec v3.05b is new generation multimedia compressor/decompressor which registers into the Windows collection of multimedia drivers…”

This is a bogus video utility. The file, VideoCodec3_05b, is a trojan which then starts the scam about “Your computer is infected!”.

I ran this through VirusTotal and here are the results (“No virus found” means the scanner did not detect the file as a trojan):

—————————————————————————————————

This is a report processed by VirusTotal on 12/14/2005 at 23:23:24 (CET) after scanning the file “VideoCodec3_05b.exe” file.

| Antivirus | Version | Update | Result |
|---|---|---|---|
| Kaspersky | 4.0.2.24 | 12.14.2005 | Trojan-Downloader.Win32.Zlob.cu |
| NOD32v2 | 1.1322 | 12.14.2005 | probably a variant of Win32/TrojanDropper.Small.NCU |
| CAT-QuickHeal | 8 | 12.13.2005 | (Suspicious) – DNAScan |
| AntiVir | 6.33.0.61 | 12.14.2005 | no virus found |
| Avast | 4.6.695.0 | 12.14.2005 | no virus found |
| AVG | 718 | 12.14.2005 | no virus found |
| Avira | 6.33.0.61 | 12.14.2005 | no virus found |
| BitDefender | 7.2 | 12.14.2005 | no virus found |
| ClamAV | devel-20051108 | 12.12.2005 | no virus found |
| DrWeb | 4.33 | 12.14.2005 | no virus found |
| eTrust-Iris | 7.1.194.0 | 12.14.2005 | no virus found |
| eTrust-Vet | 12.3.3.0 | 12.14.2005 | no virus found |
| Fortinet | 2.54.0.0 | 12.14.2005 | no virus found |
| F-Prot | 3.16c | 12.13.2005 | no virus found |
| Ikarus | 0.2.59.0 | 12.14.2005 | no virus found |
| McAfee | 4650 | 12.14.2005 | no virus found |
| Norman | 5.70.10 | 12.14.2005 | no virus found |
| Panda | 8.02.00 | 12.14.2005 | no virus found |
| Sophos | 4.00.0 | 12.14.2005 | no virus found |
| Symantec | 8 | 12.14.2005 | no virus found |
| TheHacker | 5.9.1.055 | 12.14.2005 | no virus found |
| VBA32 | 3.10.5 | 12.14.2005 | no virus found |

—————————————————————————————————

So, only Kaspersky (no surprise), NOD32 and CAT-QuickHeal are catching it.

Put this one on your blocklist.  Hopefully AV vendors will get signatures out very soon.

Alex
