We have one more fake codec from the Zlob group, called host-codec. At this time, AV detection of this codec installer is poor. Once installed, it drops a file named a.exe in the root of the drive and a BHO (Browser Helper Object) named ipv6mons.dll in the system32 directory. It also changes the DNS server addresses to the following:

85.255.113.139
85.255.112.186

Information about these DNS servers can be found here and here. More information about this malware can be found here.
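
A defender's check for the indicators listed above, as an added example that is not part of the original post: it parses `ipconfig /all` output for the two DNS addresses, including the second server that ipconfig prints on an unlabelled continuation line, and looks for the two dropped files. The sample output is constructed, and the function names and path parameters are assumptions.

```python
import os
import re

# DNS servers the post says the host-codec installer sets.
ROGUE_DNS = {"85.255.113.139", "85.255.112.186"}
LABELED = re.compile(r"\s:(\s|$)")  # "Label . . . : value" lines

# Constructed sample of `ipconfig /all` output, not captured from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 85.255.113.139
                                       85.255.112.186

Ethernet adapter Wireless:

   IP Address. . . . . . . . . . . . : 10.0.0.5
   DNS Servers . . . . . . . . . . . : 10.0.0.1
"""

def dns_by_adapter(text):
    """Map each adapter section to its DNS servers, including continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line starts a section
            adapter, in_dns = line.strip().rstrip(":"), False
            result[adapter] = []
        elif adapter is not None:
            if LABELED.search(line):         # a new labelled field
                label, _, value = line.partition(" :")
                in_dns = label.strip().startswith("DNS Servers")
            else:                            # bare value continues the previous field
                value = line
            if in_dns and value.strip():
                result[adapter].append(value.strip())
    return result

def rogue_dns_hits(text):
    """Return {adapter: [rogue servers]} for adapters using the listed addresses."""
    hits = {a: sorted(set(s) & ROGUE_DNS) for a, s in dns_by_adapter(text).items()}
    return {a: s for a, s in hits.items() if s}

def dropped_files_present(root_drive, system32):
    """Return the dropped files named in the post that exist under the given paths."""
    paths = [os.path.join(root_drive, "a.exe"), os.path.join(system32, "ipv6mons.dll")]
    return [p for p in paths if os.path.isfile(p)]

if __name__ == "__main__":
    print(rogue_dns_hits(SAMPLE))
```

On a live host, feed `rogue_dns_hits` the real `ipconfig /all` output and pass the machine's actual root drive and system32 paths to `dropped_files_present`.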