Another mass attack on websites
Users who download the "codec" not only get the Zlob Trojan, but also a DNSChanger that sets Windows DNS entries to fake servers which redirect requests for banking sites to the addresses of phishing sites. The phoney codec also downloads additional malicious baggage. Virus scanner detection is patchy. Avast, CA, Gdata, McAfee, NOD32, Panda and Symantec do not yet recognize the virus – more than a third of the virus scanners in the most recent c't virus scanner test.
- Mass File Injection Attack, Internet Storm Center report
- More of The Same: Another Half Million Web Sites Compromised, Trend Micro security blog entry