The Zlob gang does not seem to be in a holiday mood. They are churning out more domains to spread their badware. Here are some of the new domains:
One of the sites mentioned above, http://brakeplayer.net (18.104.22.168), hosts a fake media player installer called BrakePlayer. This installer actually installs a nasty kernel-mode rootkit. The following screenshot shows the kernel-mode hooks installed by the rootkit driver:
The backdoor component of this rootkit establishes a connection with a remote rogue server, 22.214.171.124 (whois). VirusTotal scan results for the installer and rootkit driver files can be found here and here respectively.
Update: The BrakePlayer removal procedure has been posted here. Hope that helps :)