More variants of Zlob fake codec

It seems Zlob group is changing/re-packing their fake code installers almost every 24 hours. New samples are found every day! After player-codec, host-codec, click-codec and virutalcodec, now they have released greatcodec. It is hosted at www(dot)greatcodec(dot)com.

Actually, we can see three forms of fake codec installers from Zlob:
VideoAxObject installer (these are named as Setup.exe)
Greatcodec (as of now)
NewMediaCodecInstaller

All three installers keep changing frequently. AV vendors should better come up with some Generic or Heuristic detection for Zlob variants, instead of signature detection.

Information about new variants can be found here and here.