Tuesday, July 17, 2007

Host-Codec - One more Zlob fake codec

We have one more fake codec from the Zlob group, called host-codec. At this time, AV detection of this codec installer is poor. Once installed, it drops a file named a.exe to the root drive and a BHO (Browser Helper Object) named ipv6mons.dll to the system32 directory. It also changes the DNS server addresses to the following:
85.255.113.139
85.255.112.186

Information about these DNS servers can be found here and here. More information about this malware can be found here.
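
A check for the DNS change described above, as an added example that is not part of the original post: it parses `ipconfig /all` output and reports any adapter whose DNS servers include the two addresses listed. The sample output, adapter names and function names are constructed for illustration.

```python
import re

# DNS servers this post reports the host-codec installer setting.
ROGUE_DNS = {"85.255.113.139", "85.255.112.186"}

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.20
        DNS Servers . . . . . . . . . . . : 85.255.113.139
                                            85.255.112.186

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.21
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_by_adapter(text):
    """Map each adapter name to its DNS servers, including continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]          # adapter header, colon removed
            adapters[current] = []
            in_dns = False
        elif current is None:
            continue                              # banner lines before first adapter
        elif re.match(r"\s+DNS Servers[ .]*:", line):
            value = line.split(":", 1)[1].strip()
            if IPV4.match(value):
                adapters[current].append(value)
            in_dns = True
        elif in_dns and IPV4.match(line.strip()):
            adapters[current].append(line.strip())  # second and later servers
        elif line.strip():
            in_dns = False                        # any other field ends the DNS list
    return adapters

def hijacked_adapters(text, rogue=ROGUE_DNS):
    """Return {adapter: [rogue servers in use]} for adapters pointing at them."""
    found = {n: [s for s in srv if s in rogue] for n, srv in dns_by_adapter(text).items()}
    return {n: bad for n, bad in found.items() if bad}

if __name__ == "__main__":
    print(hijacked_adapters(SAMPLE_IPCONFIG))
```
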
