Home / malware

PDF

Trojan.HTML.Zlob.AA

First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.HTML.Zlob.AA.

Explanation :

LI.workaround { PADDING-LEFT: 10px; MARGIN: 0px; LIST-STYLE-TYPE: disc; TEXT-ALIGN: left } This malware is a part of a web page adult video chain that tricks a download of a certain codec or ActiveX component that supposedly helps viewing the content of a video file, but is in fact a known adware and fake security solutions for the user.
It gives the illusion of online video database, "youtube" alike, for adult media files. Actually it shows only the picture as a preview to some movie and urges the user to download and install a video codec or "ActiveX object/component" in order to have the possibility to watch the movie. This is how the message looks in InternetExplorer :

It has the following behavior :

Gives these messages to convince the user to install the malware :
"Video ActiveX Object Error: Your browser cannot display this video file." "You need to download new version of Video ActiveX Object to play this video file. ""To download and install ActiveX Object click Continue."
Then it gives you a download to install on the computer. Usually this is "ActiveX" or "video codecs" related.3. The links that keep the download change rapidly and they usually contain reference to codecs : VideoAccessCodec, VideoSoftOnline, CodecPro,SexyCodecAdult VipCodecVip, IXCodec, MoonCodec , or to video enhancers: VideoAdaptation, SoftWebVideo. This version of malware has its files stored on this website : sexicodecadult-w.comWhen you install the "codec" you receive this error : "Cannot install VideoAccessCodec application, Error 118: Windows components conflict. Try to reinstall operating system and try again.". After this the infection goes on without the user knowledge or consent.
The malware has an entire network of spreading using the method described. Here are two of sites that contain this kind of actions : hot-pornotube2008.com , porn-youtube-8.com.

Last update 21 November 2011

 

TOP