Friday, December 21, 2007

Zlob fake codecs in Google Groups

We have seen many websites and domains serving Zlob fake codecs and rogue anti-malware applications. Now the gang behind Zlob is using Google Groups to peddle their junk. Google Groups - with poor security measures and moderation - seems to be an ideal place for these Zlob bots to spread it. There are numerous fake pages in different sections of Google Groups, and they look just like YouTube pages. The screenshot below shows one such page:

If you click on the video, it takes you either to a fake codec page or to a rogue application page:

Some of the fake codecs are very new and are poorly detected. Hopefully, AV vendors will add detections very soon.


Rafal said...

My only thought on this - and I've been thinking about it for a long, long time - is that we're going to continue to lose the battle against this 'fake software' type of attack until there is some way to "authenticate" the application/codec to the general world that is easily consumable. The answer may just be something like Microsoft's "Authenticode" technology, or something similar - but it's needed, and needed badly.

11:39 PM  

