Zcodec Software Hides AS Rootkit, Initiates Malware
Panda Software Labs of USA has detected a new variant of malware called Zcodec that hides itself on the desktop as a rootkit. The program can also alter Web search results and install many other malware.
The Zcodec program feigns to be 'codec software' that was needed to play multimedia files on a PC. The program also shows a license agreement to the users at the time of the installation. However, the program does not make it necessary for the user to submit to the agreement. Zcodec starts installing the moment the setup file is opened and does not give the user any chance to suppress the installation.
The Zcodec causes destruction by charging the DNS settings that construct links on a search page of a search engine and helps to redirect to other web pages. This function enables the developers of the malware to gain from 'pay per click' advertisings or other online advertisings. Besides this users can be targeted with online scams that might lead them to divulge their personal information into the clutches of cyber criminals.
There are some cases where the program also installs a 'Ruins.MB' Trojan that downloads other types of malware on the computer. It may also install an adware application that keeps initiating installation of 'casino' software.
Online attackers are increasingly employing combinations of different techniques. The Zcodec program is a result of an integration of social engineering, rootkits, trojans and a series of manipulations of the targeted computer settings. The objective is to infect the computer without creating suspicion. In the scenario of numerous such malicious programs online, it is imperative that a system is protected, says Patrick Hinojosa, CTO of Panda Software.
In order to safeguard against the malicious Zcodec it is also necessary to assess the source of any files that are downloaded onto the system and read the license agreements fully while installing the programs.
As general protection PC users are recommended to use good anti-virus and anti-spyware applications while regularly maintaining their updates. A good firewall is also helpful, as it will prevent unauthorized access to applications on the Internet.
» SPAMfighter News - 05-09-2006