Beware Vcodec

Wondering how people get to these bogus security sites and download junk like SpyAxe?

Patrick Jordan and Adam Thomas on our spyware research team have been investigating Vcodec.com.  This is a site that has a program called “VCodec v3.05b is new generation multimedia compressor/decompressor which registers into the Windows collection of multimedia drivers…”

This is bogus video utility. The file, VideoCodec3_05b, is a trojan which then starts the scam about “Your computer is infected!”.

I ran this through VirustTotal and here are the results (“No virus found” means the scanner did not detect the file as a trojan):

—————————————————————————————————

This is a report processed by VirusTotal on 12/14/2005 at 23:23:24 (CET) after scanning the file “VideoCodec3_05b.exe” file.

Antivirus	Version	Update	Result
Kaspersky	4.0.2.24	12.14.2005	Trojan-Downloader.Win32.Zlob.cu
NOD32v2	1.1322	12.14.2005	probably a variant of Win32/TrojanDropper.Small.NCU
CAT-QuickHeal	8	12.13.2005	(Suspicious) – DNAScan
AntiVir	6.33.0.61	12.14.2005	no virus found
Avast	4.6.695.0	12.14.2005	no virus found
AVG	718	12.14.2005	no virus found
Avira	6.33.0.61	12.14.2005	no virus found
BitDefender	7.2	12.14.2005	no virus found
ClamAV	devel-20051108	12.12.2005	no virus found
DrWeb	4.33	12.14.2005	no virus found
eTrust-Iris	7.1.194.0	12.14.2005	no virus found
eTrust-Vet	12.3.3.0	12.14.2005	no virus found
Fortinet	2.54.0.0	12.14.2005	no virus found
F-Prot	3.16c	12.13.2005	no virus found
Ikarus	0.2.59.0	12.14.2005	no virus found
McAfee	4650	12.14.2005	no virus found
Norman	5.70.10	12.14.2005	no virus found
Panda	8.02.00	12.14.2005	no virus found
Sophos	4.00.0	12.14.2005	no virus found
Symantec	8	12.14.2005	no virus found
TheHacker	5.9.1.055	12.14.2005	no virus found
VBA32	3.10.5	12.14.2005	no virus found

—————————————————————————————————

So,only Kaspersky (no surprise), NOD32 and CAT-QuickHeal are catching it. 

Put this one on your blocklist.  Hopefully AV vendors will get signatures out very soon.

Alex