Ever since the BBC did an article on fake codecs, there’s been a flurry of press on the issue. We’ve been talking about these for over a year and it’s good they’re getting attention. These fake codecs are certainly out there, and while they are currently mostly used on porn sites, there is certainly the opportunity for them to move to more mainstream venues (no surprise, since porn is often the leading indicator of technology on the Internet. [I might, however, question seeing these fake codecs on sites like YouTube (baring being promoted through banner advertisements and the like), due to the way these fake codecs work and how videos are uploaded.]
Now, some of the articles infer that downloading videos themselves is potentially dangerous. Just to clarify for everyone, these fake codecs need to be installed, which requires a direct user action. The way they typically work is that you click on a video, and get a fake dialog box which says something like “you need to install this in order to view this video”.
For example, here’s a sample from today:
First, you get a message in the Windows Media player
Clicking on “click here” brings up the XP security dialog:
That’s a bad codec. But here’s an example of Zango (180Solutions) doing the same type of thing for the adware Seekmo, isntalled from a video site called smithhappens(dot)com:
In the case of Seekmo, you’ll get popup ads from 180solutions.
If you don’t allow the codec to be installed, you’re very likely going to be ok (of course, there is always the chance of an exploit being used to install a codec, but I’m giving you the general picture here).
So if you go to a website to view a video and it asks you to install something, be very careful. Even legitimate codecs like DivX have the chance to be abused. In the case of DivX, for example, I would go to the DivX site and install it directly.
Alex Eckelberry