LandzDown Forum

Beware of links inviting you to watch small movies where you will need an MS Codec to view it.

I've noticed there have been people joining other forums just for the purpose of posting links to small movies you can watch and when you are there it tells you to download a codec to view the movie. What you'll be getting is a Trojan Horse Downloader.Zlob.CU and possibly others.

Here is a screen of what one of the posted links looks like,

(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi74.photobucket.com%2Falbums%2Fi246%2Fmoedfoo%2Fphotobie%2Fvirus_link.jpg&hash=e3caaad91a90bc33bd59de53745c77f110364098)

You will then be taken to a page where you will be getting something like this, vccodec.589.exe, which is obviously not a movie file or a codec.

(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi74.photobucket.com%2Falbums%2Fi246%2Fmoedfoo%2Fphotobie%2Fvccodec.jpg&hash=18655595f9fc4e910e4b6ccc4a452ce7e8cb2f70)

Excellent warning, Narov! :rose:  The more we can get this message out, the fewer people will be infected. 

Sadly, there's more than just the codecs for movie clips.  Spoofed e-mails claiming to be Windows Update has caught a number of victims.  Microsoft never sends updates via e-mail.  Others have been infected by a fake e-card greeting or an e-mail asking them to open a link to see the message (these can be fake e-mails, intended only to infect), or IM links from a 'buddy'. 

The message:  Do Not Trust if you are not expecting or do not recognize the sender!!! 

Staying up to date with Windows Updates will help (go to:  http://update.microsoft.com/microsoftupdate/ ).  In the event it is too late for these warnings, start with the cleanup instructions in the linked topic below and post the log files for review.

Cleanup instructions for infections from fake security programs: http://www.landzdown.com/index.php?topic=11024.0

Also for a warning if you visit youtube ..

http://news.bbc.co.uk/2/hi/technology/6100016.stm


Also some of the sites to steer clear off here

http://www.flickr.com/photos/69395148@N00/



numbnuts.. :breakkie:

Narov,
Those links were being posted in forums???? 

Oh boy, did you keep track of their user names so we could look them up and offer them a little tar, feathers, & feces?

These screenshots from narov & link from numbuts of alexeck's photos
are facinating to see what these fake or infected codecs look like online, since I haven't encountered them...YET.

Problem is...I don't know that I would recognize that "vccodec" is not legit.  But since I wouldn't know, I would NOT choose "save to disc".

For me, the number of online videos I've watched I can count on my fingers/toes, & what few I have watched, I can view with what resident video players I have...never gotten a prompt to this day that I need a new codec to watch something.

Corrine, I've read your blog entry Beware of Codecs: http://securitygarden.blogspot.com/2006/10/beware-of-codecs.html

QuoteIt is time to take off the kid gloves: do not download codecs!

So I have started some diaglogue w/ the pre-teen/teenagers I know and I need some assistance from LzD members that do more than me, of this online video/codec stuff.
I am wondering about 2 scenerios.


#1 An XPSP2 computer with at least 2 video players was running the latest versions of those players and was clicking on links to watch an online video either at a website or thru a link in IM would be able to watch what percentage of those videos w/o the need of an additional codec?  More than 50%?  More than 75%?
Wouldn't having updated video players give that computer viewing capabilites of almost all "uninfected" online video clips?
In other words, if the movie doesn't play, then there are plenty of other videos you can watch.  And this is why you stay away from those other ones asking you to download something extra.

#2 If the same computer, as was defined in #1, was clicking on links at a website or a link in IM to watch a video, and were presented with the screen shots that narov posted, but were running in a limited user account, would they be able to choose download/install, and invite the infection? Or would they not have rights?

Lastly, someone might assume that the parents of these pre-teens/teens ought to be in the mix, but let's say they are still learning how to manage online safety themselves.

Quote from: ripley on November 21, 2006, 02:44:02 AM
#2 If the same computer, as was defined in #1, was clicking on links at a website or a link in IM to watch a video, and were presented with the screen shots that narov posted, but were running in a limited user account, would they be able to choose download/install, and invite the infection? Or would they not have rights?

ripley

Create and customize user accounts
Its even got screen shots ripley.  :rose:   I think it would have to do with the way you set up the account in the first palce as in give them permission to watch videos or download codecs

http://www.microsoft.com/windowsxp/using/setup/winxp/accounts.mspx

Adjusting security settings in the Media Player

http://www.microsoft.com/windows/windowsmedia/player/11/security_beta.aspx


I for one rely on me firewall killing potentially dangerous links when my sons on MSN  he cant click a link as it taken out even before it gets here and he gets a warning
To say its potentially dangerous, the firewall is pass word potected so he cant make any changes / not that he would want to ofcourse ..

numbnuts.. :)