Zcodec exploit combines rootkit with social engineering, Trojans to avoid detection

Tim Wilson, Editor in Chief, Dark Reading, Contributor

September 1, 2006

1 Min Read

A new program that masquerades as a video codec could bring malware to your end users' devices, Panda Software warned earlier this week.

Zcodec, a new malicious program that incorporates a rootkit, can alter Internet search results, install adware, and fool users into installing Trojans, the security company reported on Wednesday.

The new exploit pretends to be one of the many free video codecs found on the Web, which enable end users to view digital video and audio in a faster, compressed format. But when they click on the software and pull up the license agreement, users find that the software has already been installed on their computers.

The first installation includes a rootkit as well as two executable files, according to Panda. The first modifies the DNS settings so when a user clicks on results from search engines, a different page is displayed. This tactic can be exploited to let perpetrators profit from pay-per-click systems, or to redirect users to pages designed to steal confidential data.

The second executable can install the Ruins.MB Trojan, which is designed to download other malicious programs. Or, in some cases, it installs a casino application, asking for a user's permission to install. Even if the user chooses not to install it, it leaves an icon behind.

The new exploit is an example of the way that attackers are combining multiple techniques -- in this case, rootkits, Trojans, and social engineering -- to create new exploits. Panda said its software enables users to delete the malware.

— Tim Wilson, Site Editor, Dark Reading

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading

Contributor

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights