The hit TV series House had its much anticipated season premiere Tuesday, September 5. Only a few hours after the show, copies of the episode were made available for download on the Internet.
To watch the House episode, which is most likely in AVI format, on your computer, you might need to install a codec so that your media player can play the file properly.
A codec, short for coder-decoder or compressor-decompressor, is a program that encodes and decodes a digital data stream or signal. Media files, being naturally large, are often compressed for easy transmission. If a media file is compressed using a certain codec, that codec must also be present on your system so that the file can be decompressed and your media player can play it.
Codecs are widely available on the Internet. If you don’t already have the necessary codec installed on your computer, it’s easy to find, download, and install one.
Just make sure it’s a legitimate codec installer you’re running and not the new Trojan posing as a codec installer.
The new Trojan, detected as TROJ_ZLOB.ALF, even displays a fake EULA, tricking users into thinking it is a normal installer, all while dropping a malicious file. The dropped malicious file modifies the registry to alter DNS settings.
DNS, which stands for domain name system, is the Internet service that, among other tasks, translates domain names to IP addresses. TROJ_ZLOB.ALF changes the registry so that the affected computer's DNS points to a remote DNS server, which is likely controlled by a malicious user. Using this setup, the malicious user can then decide which IP address the affected system connects to when the user tries to access a domain name.
As of this writing, an affected user who accesses certain domain names may be redirected to adult-themed sites. Of course, the DNS server could be easily changed, so that connections are redirected to malicious sites instead.
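Because the change described above lives in the registry, a quick way to spot it during triage is to export the TCP/IP interface keys and check every statically configured DNS server against the resolvers you actually expect. The following script is an added example, not code from the original post or from Trend Micro: it parses a constructed `reg export` text of the Tcpip\Parameters\Interfaces key (the real Windows location for per-interface DNS settings; the post itself does not name the key) and flags any NameServer entry that is not on a trusted allowlist. The interface GUIDs, the 10.0.0.x resolvers and the 203.0.113.7 outsider are made-up sample values.

```python
import re
from typing import Dict, List, Tuple

# Real registry paths where Windows stores DNS server settings (the post does not
# name them; they are supplied here from general Windows knowledge).
PARAMETERS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
INTERFACES_KEY = PARAMETERS_KEY + r"\Interfaces"

# Constructed sample of what `reg export` of the Interfaces key might look like:
# the first interface still points at the corporate resolvers, the second has
# been repointed to an outside resolver (a placeholder address, not a real IoC).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}]
"NameServer"="10.0.0.53,10.0.0.54"
"DhcpNameServer"="10.0.0.53"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66666666-7777-8888-9999-000000000000}]
"NameServer"="203.0.113.7"
"DhcpNameServer"="10.0.0.53"
"""

# Resolvers the organisation expects clients to use (assumed sample values).
TRUSTED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: value}}.

    Only quoted string values ("Name"="value") are kept, which is all the DNS
    settings need; binary and DWORD values are ignored.
    """
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = {}
        elif current is not None and line.startswith('"'):
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if m:
                entries[current][m.group(1)] = m.group(2)
    return entries


def find_rogue_dns(entries: Dict[str, Dict[str, str]],
                   trusted: set) -> List[Tuple[str, str]]:
    """Return (interface, server) pairs for static NameServer values outside `trusted`.

    Both the global Tcpip\\Parameters key and each per-interface key are checked,
    since a static NameServer in either overrides what DHCP handed out.
    """
    findings: List[Tuple[str, str]] = []
    for key, values in entries.items():
        if key != PARAMETERS_KEY and not key.startswith(INTERFACES_KEY):
            continue
        # NameServer may hold several addresses separated by commas or spaces.
        servers = [s for s in re.split(r"[,\s]+", values.get("NameServer", "")) if s]
        for server in servers:
            if server not in trusted:
                findings.append((key.rsplit("\\", 1)[-1], server))
    return findings


if __name__ == "__main__":
    rogue = find_rogue_dns(parse_reg_export(SAMPLE_REG_EXPORT), TRUSTED_RESOLVERS)
    for interface, server in rogue:
        print(f"interface {interface}: static DNS server {server} is not trusted")
```

On a live host you would feed the script the output of `reg export HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters <file>` (note that `reg export` writes UTF-16 with a BOM, so open the file with that encoding). A hit does not prove infection on its own, but a statically set resolver that nobody in IT configured is exactly the symptom the Trojan leaves behind, and the DhcpNameServer value beside it shows what the machine was supposed to be using.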
If you were searching for a codec installer and came across this malicious file, instead of being able to watch that House episode, you just got your DNS settings messed up, giving a remote malicious user some amount of control over your connections and opening the door to further damage.