Select Page

One of our malware researchers, Francesco, just wrote about a spam email requesting a download of a nasty fake codec. 

A new “Italian only” targeted attack targets users posing as new codecs.  These were spammed via e-mail as “funny Christmas videos” that required the user to download a fake codec.

Once downloaded and installed, it displays some popup saying “sorry, compatible only with Windows Vista”, but unfortunately the trojan is installed already.  Propagation is automatic, meaning an infected person automatically sends the same spam to people in his contacts list (who might in turn think it’s authentic since a “friend” sent it).

While the scripted pages prevent being reached outside Italy (displaying a custom 500 internal server error), the files can be downloaded for analysis.

hxxp://www.newcodecscentral(dot)biz/codec_install.exe

hxxp://www.videocardcodecs(dot)biz/install.exe

hxxp://www.videocodecs(dot)biz/codec_installer.exe

Obviously, stay clear of these dangerous trojans. 

Antivirus coverage is very weak on this new trojan, as can be seen here, here and here.

Codec2_99981888333

Alex Eckelberry