Slashdot Mirror

← Back to Stories (view on slashdot.org)

zCodec Video Codec Is a Trojan

Posted by ryuzaki0 on from the who-is-watching-whom? dept.

Bride of Chucky writes "There's a new video codec out there that claims to offer 'up to 40 percent better video quality' but that resets your computer's DNS settings — opening the way for Trojans, rootkits, or whatever. Techworld warns that zCodec looks professional enough, is widely available, and comes in at 100KB. What's the bet the media companies are behind this somewhere?"

15 of 188 comments (clear)

  1. Rather than the conspiracy theory. by Spazntwich · · Score: 5, Insightful

    I'd give a lot more consideration to an enterprising spammer/botnet advertiser being behind this.

    Follow the money. The MPAA has plenty to make off p2p lawsuits to risk the kind of bad press and fines they'd get by doing something like this.

    Basically, the submitter is an irrational idiot pandering to the anarchist conspiracy theorists in an attempt to start a flamewar. Congratulations, you've probably got it.

    1. Re:Rather than the conspiracy theory. by MustardMan · · Score: 4, Insightful

      While I agree that the submitter is probably full of shit... your argument is kind of weak. Try a little word-replacement and see what you get...

      "Follow the money. Sony has plenty to make off hardware and music sales to risk the kind of bad press and fines they'd get by installing a rootkit on your computer"

      Sony makes a whole fuckload more money from their products than the MPAA gets from suing grandmothers, and that sure didn't stop them from one of the biggest PR blunders by a tech company in recent memory.

      It's far more likely that a script kiddie or spammer type is responsible... but I would NOT put this sort of thing past the shitbags at the MPAA.

  2. What! by Funkcikle · · Score: 5, Funny

    40% better video performance but NO LINK TO IT? Come on!

    1. Re:What! by JonWan · · Score: 5, Funny

      here it is :http://www.zcodec.com/index.html

      But It dosen't run on linux.

    2. Re:What! by gEvil+(beta) · · Score: 4, Insightful

      From the summary: "zCodec looks professional enough..."

      So I clicked on the zcodec.com link above and the first thing I noticed was the use of some copyrighted movie posters on their page. And then I saw the link for the "therms of use." "Professional enough" indeed...

      --
      This guy's the limit!
    3. Re:What! by BlackHat · · Score: 4, Funny

      Forgetting to change
      http-//www.vcodec.com in it{see last line of 'therms'} to zcodec.com is the best laugh I've had today.

  3. Huh? by WD · · Score: 5, Insightful

    What are "the media companies" and why would they be behind this?

  4. Hmm. by TheRaven64 · · Score: 5, Insightful
    What's the bet the media companies are behind this somewhere?

    A tin-foil hat is a mark of someone who can, in all seriousness, say 'if it looks like a duck, and quacks like a duck, then it must be a concealed listening device placed by the government under the instruction of the military-industrial complex and funded by the media industry.' The poster should wear his with pride.

    --
    I am TheRaven on Soylent News
  5. No need for conspiracies... by AgentPaper · · Score: 4, Insightful
    ...user stupidity makes a dandy explanation. If there is a universal truth in today's networked world, it is that the gullibility of the average Netizen knows no bounds. I'd be willing to bet that you could write a program that claims to turn your printer into a replicator, and some doofus would buy it.

    This ranks right up there with the scores of malware programs that pretend to be malware removers. I assume the original poster would have us believe that all those are really written by the likes of Symantec and McAfee?

    --
    First rule of trauma: Bleeding always stops.
  6. Come on, mods, it has to be asked by knightmad · · Score: 4, Funny

    Will it run on Linux? We don't want to feel left out again. These damned malware-laden proprietary crap!

  7. Oh please... by kentrel · · Score: 5, Insightful
    What's the bet the media companies are behind this somewhere?

    That's incredibly presumptuous and a completely baseless accusation. There are lots of people who can clearly benefit from trojans, and someone obviously has seen the potential in video codecs as a nice "social engineering" way of fooling the gullible masses into downloading them. The average person generally searches for video codecs once in a blue moon - they have no way of knowing which sites are legitimate, or which files are legitimate. They'll download whatever sounds promising. In fact, the website looks far more legitimate than some of the genuine codec sites out there.

    Smarter users might do regular intensive searching to make sure they are getting a legitimate file, but the average user will not. It's far more likely that the author of this trojan is just exploiting the fact that so many users of codecs are clueless than yet another paranoid conspiracy that the media companies are behind it. Really, will the slashdot editors ever get over their bias and just print actual NEWS.

  8. and nobody's doing anything.....why? by Desolator144 · · Score: 4, Informative
    www.zcodec.com registrant info:

    ZCodec Inc

    Abrahamen Biderman

    webmaster@zcodec.com

    5624 17th Ave

    Brooklyn

    New York

    NY,11204-1834

    Tel. +718.2364275

    Creation Date: 23-Dec-2005

    Expiration Date: 23-Dec-2006

    Okay first of all, it was registered almost a full year ago and second, even now I could probably drive to his house/office (assuming that info is accurate) and arrest him myself faster than the FBI could. Why does everyone always sit around and do nothing when stuff like this happens? Someone should at least give him a call :-) It's not even nigeria this time, how expensive could it be?

    --
    now stop reading and go play Dance Dance Revolution!
  9. Appears to be from Inhoster, known spyware source. by Animats · · Score: 5, Informative

    Looks like this is coming from a known source of spyware in Ukraine, "Inhoster.com".

    "zcodec.com" is actually "85.255.117.106-xbox.dedi.inhoster.com", a dedicated server at a "nlayer.net" colocation site in San Francisco. The dedicated server appears to be associated with "atrivo".

    Both "inhoster.com" and "atrivo" appear to be "psuedo-ISPs"; they have web sites that look like those of an ISP, but they don't really offer services for sale. Both have bad reputations: see "Spywarequake Scam on the Run. The previous attacks were based on phony anti-spyware programs. Now that people are wise to that one, the new frontier is apparently phony codecs.

    The WHOIS information for "zcodec.net" appears to be bogus. It's given as "Abrahamen Biderman" at "5624 17th Ave, Brooklyn, New York" There is an "Abraham Biderman" with an office at 5624 17th Ave, Brooklyn, New York, and he's a political figure and investment banker, with a career running major financial institutions. Probably not behind some two-bit spyware scam.

  10. Re:suprise suprise, another American company by flooey · · Score: 4, Informative

    Also, there is no 17th Ave in Brooklyn.

    Actually, there is. One of the oddities about New York City is that a mailing address of New York, NY means Manhattan. To properly address something in Brooklyn (and thus for Google Maps to find it) you need to use Brooklyn, NY.

  11. 4.2.2.2 by MillionthMonkey · · Score: 4, Informative

    There is a legitimate DNS server sitting at 4.2.2.2. I think it belongs to GTE (now Verizon). It has the misfortune of having an easy IP address to remember. In a pinch, if you can't remember the IP of your own DNS, there's always 4.2.2.2. Most people who use it have it as their alternate DNS. Verizon likes to give it names like i-will-not-steal-service.sys.gtei.net.

    You've already gotten a reply to your original post that indicates at least one other person has seen this happen to their DNS settings. If I'd never typed in 4.2.2.2 myself, and I had no previous business relationship with Verizon or GTE, I'd call shenanigans. A malware writer needing to disable automatic DNS for some reason would have to specify a replacement IP and 4.2.2.2 is convenient to hard code.