As a brief follow-up to my previous blog today about advertising in spyware: The Zlob trojan comes through fake codecs. It’s nasty and not something you want on your system, and one thing you may get is ads. In this case we found today, ads are spawned through entertainclicks(dot)com/cu/index.html, which you can see for yourself (in a vmware, please), the ads that the site shows on infected machines. The ads feed top10–offers(dot)com.
Alex Eckelberry
(Thanks Patrick)