Last Updated: 2007-11-18 21:03:45 UTC
by Daniel Wesemann (Version: 1)
Thinking it over, this sort of makes sense: if you want to trick a user into (voluntarily!) downloading and installing a piece of malware that claims to be a video codec, you probably don't want to scare the user away from the sites that draw him into the spyderweb by having other malware or exploit attempts lighting up the user's anti-virus. The Zlob approach of propagating malware seems to have been quite successful for the bad guys: Not only are they still "going strong" more than a year after the first report, they also branched out to include Mac-OSX (diary) earlier this month.
Since the "codec" binaries change frequently and AV coverage is notoriously poor, the probably best defense in a corporate environment is to have a web filter in place that blocks access to porn pages. What used to be seen as a mere "compliance" measure to not to run afoul of sexual harassment rules at the workplace has long since turned into a cornerstone of most companies' malware defense.