A new fake codec: codecvip(dot)com.
Pushes both Windows and Mac TrojanDNSChanger.
Sample binaries: Mac: codecvip(dot)com/download/codecvip(dot)dmg; Windows: codecvip(dot)com/download/codecvip(dot)exe. If you are hunting for Mac fake codecs, remember to change your user agent to a Mac. And please — don’t touch these binaries unless you know what you’re doing, as they are live Trojans.
Alex Eckelberry
(Thanks Bharath)