The Zlob gang does not seem to be in a holiday mood. They are churning out more domains to spread their badware. Here are some of the new domains:
One of the sites mentioned above, http://brakeplayer.net (184.108.40.206), hosts a fake media player installer called BrakePlayer. This installer actually installs a nasty kernel-mode rootkit. The following screenshot shows the kernel-mode hooks installed by the rootkit driver:
The backdoor component of this rootkit establishes a connection with a remote rogue server, 220.127.116.11 (whois). VirusTotal scan results for the installer and rootkit driver files can be found here and here, respectively.
Update: BrakePlayer removal procedure has been posted here. Hope that helps :)