Thursday, March 13, 2008

One more fake Flash Player!

Here's one more fake Flash Player from Zlob gang, being used to push their new fake codec (another one can be seen here).

This time, the codec names are XXXMediaCodec and FlyVideoCodec, and are hosted at and/or These new samples are not very well detected as of now. Here's the VirusTotal scan report for these codecs:
AntiVir - DR/Delphi.Gen
F-Secure - Suspicious:W32/Malware!Gemini
Microsoft - Trojan:Win32/Tibs.gen!G
Panda - Suspicious file
Sophos - Mal/Behav-116
VBA32 - suspected of Downloader.Zlob.8
Webwasher-Gateway - Trojan.Dropper.Delphi.Gen


Post a Comment

<< Home