Trojan in video codec
zCodec, hawked as a multimedia Compressor/Decompressor (Codec), touts itself as being able to link into Windows DirectShow and thereby improve audio, and in particular video, quality by up to 40 percent. In reality it is a trojan horse that seeks to spy on the user. During the installation of the downloadable EXE file onto our test system, it had already gone to work changing DNS server entries to IP addresses 85.255.X.Y. It then attempted several times to use Internet Explorer to make contact with external sites. As reported by Panda, if successful it then downloads files and executes them. Those files include additional trojan horses like Ruins.MB, which uses rootkit techniques to conceal itself.
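A defender can check for the DNS change described above by comparing each adapter's configured resolvers with the ones the network is supposed to hand out. The following is an added example, not code from the original article or from any vendor named in it: it parses English-language `ipconfig /all` text, and the sample output, the expected resolver 192.168.1.1 and the 203.0.113.x stand-in addresses are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
# 203.0.113.0/24 is a documentation range standing in for a rogue resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.50
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       203.0.113.11

Ethernet adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Assumption: the only resolver this network legitimately assigns.
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def dns_servers_by_adapter(text):
    """Map adapter name -> DNS server addresses, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        f = FIELD_RE.match(line)
        if f:  # a "label . . . : value" line starts a new field
            in_dns = f.group(1).strip().lower() == "dns servers"
            value = f.group(2).strip()
        else:  # no label: additional value for the previous field
            value = line.strip()
        if adapter and in_dns and value:
            try:
                result[adapter].append(ipaddress.ip_address(value))
            except ValueError:
                in_dns = False  # not an address, so the DNS list has ended
    return result

def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Return {adapter: [addresses]} for DNS servers outside the expected set."""
    parsed = dns_servers_by_adapter(text)
    flagged = {a: [str(s) for s in v if s not in expected] for a, v in parsed.items()}
    return {a: bad for a, bad in flagged.items() if bad}
```

An allowlist comparison is used rather than a blocklist because the article gives the rogue addresses only in masked form.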
Panda lists zCodec as adware; F-Secure and Kaspersky warn against Trojan.Win32.DNSChanger.en; and eSafe, AVG and Antivir have recognized a Zlob variation. Most anti-virus programs have not yet classified the spy program as a security threat.
- Description of ZCodec from Panda