zCodec Video Codec Is a Trojan
Bride of Chucky writes "There's a new video codec out there that claims to offer 'up to 40 percent better video quality' but that resets your computer's DNS settings — opening the way for Trojans, rootkits, or whatever. Techworld warns that zCodec looks professional enough, is widely available, and comes in at 100KB. What's the bet the media companies are behind this somewhere?"
I'd give a lot more consideration to an enterprising spammer/botnet advertiser being behind this.
Follow the money. The MPAA has plenty to make off p2p lawsuits to risk the kind of bad press and fines they'd get by doing something like this.
Basically, the submitter is an irrational idiot pandering to the anarchist conspiracy theorists in an attempt to start a flamewar. Congratulations, you've probably got it.
40% better video performance but NO LINK TO IT? Come on!
What are "the media companies" and why would they be behind this?
Is there any evidence that they are behind this codec?
Don't you think that after the Sony rootkit most companies wouldn't bother with such schemes....
A tin-foil hat is a mark of someone who can, in all seriousness, say 'if it looks like a duck, and quacks like a duck, then it must be a concealed listening device placed by the government under the instruction of the military-industrial complex and funded by the media industry.' The poster should wear his with pride.
I am TheRaven on Soylent News
This ranks right up there with the scores of malware programs that pretend to be malware removers. I assume the original poster would have us believe that all those are really written by the likes of Symantec and McAfee?
First rule of trauma: Bleeding always stops.
Will it run on Linux? We don't want to feel left out again. These damned malware-laden proprietary crap!
That's incredibly presumptuous and a completely baseless accusation. There are lots of people who can clearly benefit from trojans, and someone obviously has seen the potential in video codecs as a nice "social engineering" way of fooling the gullible masses into downloading them. The average person generally searches for video codecs once in a blue moon - they have no way of knowing which sites are legitimate, or which files are legitimate. They'll download whatever sounds promising. In fact, the website looks far more legitimate than some of the genuine codec sites out there.
Smarter users might do regular intensive searching to make sure they are getting a legitimate file, but the average user will not. It's far more likely that the author of this trojan is just exploiting the fact that so many users of codecs are clueless than yet another paranoid conspiracy that the media companies are behind it. Really, will the slashdot editors ever get over their bias and just print actual NEWS.
Enough is enough. A message needs to be sent to these bastards. Suing and fines only do so much. They fine these bastards, they file for bankruptcy and it's over. They close the company and the fines and suits go away. Can't sue what doesn't exist and current corp. laws protect us from going after personal assets.
Time to bring some real charges against these fuckers and send a few of them to prison for a good long stretch. And I'm not talking 6 months in a jail with 500 hours of community service. I'm talking 10 years in maximum security.
I know some people say the punishment doesn't fit the crime but I think it's time it did. If we would have locked up some of them bastards from Sony then I bet this one wouldn't happen.
Supporting World Peace Through Nuclear Pacification
ZCodec Inc
Abrahamen Biderman
webmaster@zcodec.com
5624 17th Ave
Brooklyn
New York
NY,11204-1834
Tel. +718.2364275
Creation Date: 23-Dec-2005
Expiration Date: 23-Dec-2006
Okay first of all, it was registered almost a full year ago and second, even now I could probably drive to his house/office (assuming that info is accurate) and arrest him myself faster than the FBI could. Why does everyone always sit around and do nothing when stuff like this happens? Someone should at least give him a call :-) It's not even Nigeria this time, how expensive could it be?
now stop reading and go play Dance Dance Revolution!
...because even if it were true, we'd likely never see proof. As such, that kind of speculation in a story submission is immature on the part of the submitter and allowing it to go out unedited is irresponsible of the editor. (Bonus points if they're the same person, I didn't check.)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Oooh!
You mean the famous SlashDot Effect hasn't taken down the meany malware site?
They must have some muscle behind their servers. Should we Digg them too?
Looks like this is coming from a known source of spyware in Ukraine, "Inhoster.com".
"zcodec.com" is actually "85.255.117.106-xbox.dedi.inhoster.com", a dedicated server at a "nlayer.net" colocation site in San Francisco. The dedicated server appears to be associated with "atrivo".
Both "inhoster.com" and "atrivo" appear to be "pseudo-ISPs"; they have web sites that look like those of an ISP, but they don't really offer services for sale. Both have bad reputations: see "Spywarequake Scam on the Run". The previous attacks were based on phony anti-spyware programs. Now that people are wise to that one, the new frontier is apparently phony codecs.
The WHOIS information for "zcodec.net" appears to be bogus. It's given as "Abrahamen Biderman" at "5624 17th Ave, Brooklyn, New York". There is an "Abraham Biderman" with an office at 5624 17th Ave, Brooklyn, New York, and he's a political figure and investment banker, with a career running major financial institutions. Probably not behind some two-bit spyware scam.
wow a codec is spyware - inconceivable!!! Who the heck told you to download an unheard of codec which you probably didn't need. The vast majority of spyware is around because people download things they don't actually need from an untrusted third party source. I can't begin to count the number of computers I've had to fix because some twit downloaded a codec pack or opened an scr file in their email or downloaded some game crack to pirate a game and found it installed bonzi buddy.
Virtually every bloody codec pack you could download contained spyware/adware - some of them put in by the developers themselves. I've got some lovely versions of Nimo, K-lite and gordian knot to prove it. Hell, DivX pre 5.2 had GAIN in it and if you didn't know where to look on their website you had no way of finding the version without it (it didn't have the encoder so wasn't gain supported). VLC is all I download for video playback now. If they don't support it I don't need to watch it - I've an flv file converter for those of you who know how to download the dang yourtube/google videos that vlc can't handle perfectly.
Learnt the hard way not to download things from any third party site even if it's trusted back in high school. I run XP because I like playing games. If I had a tinfoil hat I'd read the source and then compile and do MD5 checks but I'm lazy and will take the binary packages, and I suspect one day I will pay for that laziness, despite my use of Tea Timer and the Spybot S&D hosts file and immunization database, Lavasoft's ad aware, windows defender and rootkit revealer, hijack this, peer guardian 2, and spyware blaster. One day I will be an idiot and download a binary with some spyware that is still under the radar for all of these and I will be pissed when I realize it. At least, I will realize it, but most users won't.
Reality must take precedence over public relations, for nature cannot be fooled.
I bet PC will be pissed. Poor guy. Spyware, Viruses, physical damage and now....this?
It's either on the beat or off the beat, it's that easy.
I moderate therefore I rule!
--
When the straight line connects much better?
Music companies have huge legal departments that can (and do) get their info from ISPs with subpoenas. Trojan distributors are constantly trying to find new ways to push their junk onto your computer, often by paying heavily for 0day exploits.
Who is more likely to buy a "cheap" way to bug your PC?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
4.2.2.1 to 4.2.2.6 are public nameservers operated by Verizon.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Also, there is no 17th Ave in Brooklyn.
Actually, there is. One of the oddities about New York City is that a mailing address of New York, NY means Manhattan. To properly address something in Brooklyn (and thus for Google Maps to find it) you need to use Brooklyn, NY.
What are "the media companies" and why would they be behind this?
The article was posted by a 'kdawson', I bet that's the new guy.
We all know that Taco and his crack team of editors would never let such an unfounded and inflammatory statement on the front page of this outstanding news establishment.
So cut the guys some slack. After all, I bet you this Dawson kid will be reprimanded and articles will be back to the high standard of journalism we're used to in no time.
Based on upvotes, Ageism is the only "-ism" Slashdotters care about and think isn't SJW
There is a legitimate DNS server sitting at 4.2.2.2. I think it belongs to GTE (now Verizon). It has the misfortune of having an easy IP address to remember. In a pinch, if you can't remember the IP of your own DNS, there's always 4.2.2.2. Most people who use it have it as their alternate DNS. Verizon likes to give it names like i-will-not-steal-service.sys.gtei.net.
You've already gotten a reply to your original post that indicates at least one other person has seen this happen to their DNS settings. If I'd never typed in 4.2.2.2 myself, and I had no previous business relationship with Verizon or GTE, I'd call shenanigans. A malware writer needing to disable automatic DNS for some reason would have to specify a replacement IP and 4.2.2.2 is convenient to hard code.
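An added example, not part of the thread or of any tool it mentions: the comment above turns on a resolver showing up that the user never configured, even when the address itself is a legitimate public server such as 4.2.2.2. This Python example parses constructed `ipconfig /all` text and reports DNS servers outside an assumed expected set; the sample output, the adapter names and `EXPECTED` are assumptions.

```python
import ipaddress

# Constructed sample of Windows `ipconfig /all` output (not from a real host).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 4.2.2.2
                                       203.0.113.53
"""

# Assumption: the resolvers this network's DHCP server is supposed to hand out.
EXPECTED = {"192.168.1.1"}

def parse_dns_servers(text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # adapter heading
            adapters[current] = []
        elif current is None or not line.strip():
            in_dns = False                                 # blank line ends a field
        else:
            if ". :" in line:                              # "Label . . . : value"
                label, value = line.split(". :", 1)
                in_dns = label.strip(" .") == "DNS Servers"
            else:
                value = line                               # continuation of previous field
            if in_dns:
                try:  # drop any IPv6 zone id ("%12") before validating
                    ip = ipaddress.ip_address(value.strip().split("%")[0])
                    adapters[current].append(str(ip))
                except ValueError:
                    pass                                   # empty or non-address value
    return adapters

def unexpected_resolvers(text, expected):
    """Map each adapter to its configured resolvers that are not in `expected`."""
    parsed = parse_dns_servers(text)
    odd = {a: [s for s in srv if s not in expected] for a, srv in parsed.items()}
    return {a: s for a, s in odd.items() if s}
```

An address in the result is not proof of compromise; it marks a resolver setting to trace back to whoever or whatever configured it.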
Or use Windows and don't download dangerous software. Any piece of software with a set of "therms of use" should be avoided (see the software's home page to know what I'm talking about). Or of course buy a Mac (sorry, Apple fanboy here :-P)
To Terry Pratchett, by the look of it.
I was thinking more along the lines of Terri Schiavo.
Whaths wrong withs givingth the Igorth a bit of workth ? They are dependable and efficienth. Ith's not their fault they have trouble finding employmenth in their usual line of exhpertiseth. There are only so many brainth floating around you know (ha ha)...
May contain traces of nut.
Made from the freshest electrons.
and there is more, http://www.pcodec.com/
the same blurb, different .exe, but again packed full of trojans. ;)
Domain Name: PCODEC.COM
Creation Date: 25-Aug-2006
Expiration Date: 25-Aug-2007
People are being enticed into downloading this codec by the following posting that is being spambotted on to public forums that allow guest posting.
"Br1tney Spe@rs r@ped!
http://britneyspearsrocks.info/"
Perhaps someone should notify him. Sounds like he might have enough $$ clout to be heard when he finds out how his identity has been 'stolen' (used w/o his permission) to perpetrate this sort of internet scam.
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
So is the codec written in Common Lithp?
The info in DNS is most likely fake.
Info on Forbes of the real guy. I doubt a stock broker would have much to do with a scheme like this.
I'm a good cook. I'm a fantastic eater. - Steven Brust