Adware / Spyware Issues: June 2007 Archives

Pornoplayer installed from fake Windows Codec


There are several ways modern spyware is infecting unsuspecting systems these days. The most common is still bundling malware into Trojans so that the user has as little to do with the installation process as possible. Downloader-ADV is a very large series of Trojan downloaders designed to cripple a machine with adware, password crackers, spyware, and other malware. One instance of Downloader-ADV, innocently named loader.exe, drops a pornography media player under the guise of a perfectly legitimate Windows codec. The player is appropriately named Pornoplayer.

Once installed, loader.exe phones home to kozirodstwo.com. You may recognize this site for such infamous hits as PWS-Pinch and Agent-ECM. You are then directed to a pornography site called porn-party.net.

[Image: codec.png]

This site pushes on the user a seemingly legitimate codec from Microsoft.

[Image: screenie.png]

This is actually an installer for Pornoplayer!

[Image: pornoeula.png]

Other files are also installed along with the Downloader-ADV/Pornoplayer combo. Research also points to pornstar-photos.com installing another part of the Trojan downloader, as well as the user being redirected to rones.porn-host.org. This site is a warehouse for pornography that installs ICOO products.

About this Archive

This page is an archive of entries in the Adware / Spyware Issues category from June 2007.