Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

zCodec Video Codec Is a Trojan

kdawson posted more than 7 years ago | from the who-is-watching-whom? dept.

188

Bride of Chucky writes "There's a new video codec out there that claims to offer 'up to 40 percent better video quality' but that resets your computer's DNS settings — opening the way for Trojans, rootkits, or whatever. Techworld warns that zCodec looks professional enough, is widely available, and comes in at 100KB. What's the bet the media companies are behind this somewhere?"

cancel ×

188 comments

Rather than the conspiracy theory. (5, Insightful)

Spazntwich (208070) | more than 7 years ago | (#16040067)

I'd give a lot more consideration to an enterprising spammer/botnet advertiser being behind this.

Follow the money. The MPAA has plenty to make off p2p lawsuits to risk the kind of bad press and fines they'd get by doing something like this.

Basically, the submitter is an irrational idiot pandering to the anarchist conspiracy theorists in an attempt to start a flamewar. Congratulations, you've probably got it.

Re:Rather than the conspiracy theory. (1)

andrewman327 (635952) | more than 7 years ago | (#16040123)

I agree with you. There are plenty of trojens out there other than condoms; why would this one be a corporate conspiracy? A quick Google search [google.com] shows that this is nothing new. I think that companies learned their lesson from Sony's rootkit fiasco.

Re:Rather than the conspiracy theory. (0, Flamebait)

Anonymous Coward | more than 7 years ago | (#16040568)

I think that companies learned their lesson from Sony's rootkit fiasco.

In that instance, I thinks it was a mere (although major) fuck-up of buying the wrong DRM-solution. Sony's managers don't get DRM, the DRM-solution's developers don't either and decided to modify the OS. It was bad execution, not bad intent*.

* No, the intention to introduce DRM itself is not bad, you fucking hippies. Shut the fuck up, please.

Re:Rather than the conspiracy theory. (4, Insightful)

MustardMan (52102) | more than 7 years ago | (#16040133)

While I agree that the submitter is probably full of shit... your argument is kind of weak. Try a little word-replacement and see what you get...

"Follow the money. Sony has plenty to make off hardware and music sales to risk the kind of bad press and fines they'd get by installing a rootkit on your computer"

Sony makes a whole fuckload more money from their products than the MPAA gets from suing grandmothers, and that sure didn't stop them from one of the biggest PR blunders by a tech company in recent memory.

It's far more likely that a script kiddie or spammer type is responsible... but I would NOT put this sort of thing past the shitbags at the MPAA.

Re:Rather than the conspiracy theory. (1)

MustardMan (52102) | more than 7 years ago | (#16040156)

After R'ing TFA, I'd say the submittor is almost certainly fulla shit, only because this thing looks like it's chock full of malware elements. That being said, I still wouldn't put it past the MPAA to try to pull something similar.

Re:Rather than the conspiracy theory. (2, Insightful)

kripkenstein (913150) | more than 7 years ago | (#16040140)

I'd give a lot more consideration to an enterprising spammer/botnet advertiser being behind this.

Exactly.

We have no evidence for the media corporations being involved in such actions; and it wouldn't make much sense for them to do so, either. This adware will make money; money is something that media companies already have, but adware companies constantly work to get. What the media companies need is not more money, but to scare people off of using p2p software - and this isn't the way to do that. No, the way to scare people would be to damage their computers, not to make money off of them.

WHO CARES!? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16040182)

STEVE IRWIN IS DEAD!

Re:Rather than the conspiracy theory. (2, Insightful)

svunt (916464) | more than 7 years ago | (#16040675)

Basically, the submitter is an irrational idiot pandering to the anarchist conspiracy theorists in an attempt to start a flamewar.
Wow, is this an extension of an eye for an eye? Now we're up to 'a kneejerk asstard for a kneejerk asstard'. The submitter has as much right to make stupid links between some malware and the **AA as you have linking his silly analysis to anarchism.

fist post (-1, Offtopic)

Bohemoth2 (179802) | more than 7 years ago | (#16040070)

yay!

What! (5, Funny)

Funkcikle (630170) | more than 7 years ago | (#16040071)

40% better video performance but NO LINK TO IT? Come on!

Re:What! (5, Funny)

JonWan (456212) | more than 7 years ago | (#16040171)

here it is :http://www.zcodec.com/index.html [zcodec.com]

But It dosen't run on linux.

Re:What! (0)

Anonymous Coward | more than 7 years ago | (#16040187)

Curiously enough they know better than to be running Windows Server. The website is hosted on a FreeBSD server.

Re:What! (4, Insightful)

gEvil (beta) (945888) | more than 7 years ago | (#16040249)

From the summary: "zCodec looks professional enough..."

So I clicked on the zcodec.com link above and the first thing I noticed was the use of some copyrighted movie posters on their page. And then I saw the link for the "therms of use." "Professional enough" indeed...

Re: Therms!! Hooray! (1)

TaoPhoenix (980487) | more than 7 years ago | (#16040267)

I have actually seen legitimate companies make spelling errors on pages. Sometimes, if I like the company, I email them a notice.

But what web coder would equally mis-spell the *filename* ??!

a class="link" href="therms.html" .... Therms of use

THAT is what cues the alarms.

Re: Therms!! Hooray! (1)

jZnat (793348) | more than 7 years ago | (#16040291)

They obviously outsourced their web design.

Re: Therms!! Hooray! (1)

Funkcikle (630170) | more than 7 years ago | (#16040439)

They obviously outsourced their web design.

To Terry Pratchett, by the look of it.

Re: Therms!! Hooray! (2, Funny)

Anonymous Coward | more than 7 years ago | (#16040551)

To Terry Pratchett, by the look of it.

I was thinking more along the lines of Terri Schiavo.
 

There's a typo (1)

Opportunist (166417) | more than 7 years ago | (#16040318)

It's spelled "provisional".

Re:What! (2, Funny)

MrYotsuya (27522) | more than 7 years ago | (#16040571)

And then I saw the link for the "therms of use." "Professional enough" indeed

Hey now, be nice. People with lisps can be professionals too.

Re:What! (1)

dwandy (907337) | more than 7 years ago | (#16040250)

I think the best part is the " Therms of use " link...

Re:What! (1)

whoever57 (658626) | more than 7 years ago | (#16040435)

I think the best part is the " Therms of use " link...
Does that mean I have to pay PG&E (Pacific Gas and Electricity) to use it... oh wait. I do already!

But on a more serious note, since the operation of the "codec" is misrepresented, I wonder how enforcable the terms are? Especially the "no reverse engineering" restriction (which is invalid in some states anyway).

Re:What! (4, Funny)

BlackHat (67036) | more than 7 years ago | (#16040447)

Forgetting to change
http-//www.vcodec.com in it{see last line of 'therms'} to zcodec.com is the best laugh I've had today.

Re:What! (1)

whoever57 (658626) | more than 7 years ago | (#16040393)

But It dosen't run on linux.
Are you sure? I have this package called "win32codecs" on my system, as well as Wine. Surely I can get it to run?

Re:What! (1)

JonWan (456212) | more than 7 years ago | (#16040626)

Well it will install under wine, I just did it. But the only thing I can find in my .wine c_drive folder is a dir called HQ codec and the files register.exe, Uninstall.exe. Register.exe crashes wine, and Uninstall.exe removes the HQ codec directory and the start menu links. I don't have a real install of windows and so far thats all I can find on my system. I'll dig around but it didn't appear to send any data out when I ran either exe. Maybe register.exe is it and it crashed before it could do anything. I wanted to at least see a zcodec.dll file.

Re:What! (1)

JonWan (456212) | more than 7 years ago | (#16040644)

oops never depend on their log. it dosen't delete anything execpt Uninstall.exe , register.exe is still there. Hmmmm

Re:What! (0, Redundant)

zmollusc (763634) | more than 7 years ago | (#16040193)

Are you stupid or something? It isn't going to be anywhere near 40% improvement. That is just to lure you in. Real-world improvement will be 10% max, you gullible fool.

Huh? (5, Insightful)

WD (96061) | more than 7 years ago | (#16040073)

What are "the media companies" and why would they be behind this?

Re:Huh? (1)

mqduck (232646) | more than 7 years ago | (#16040128)

What are "the media companies" and why would they be behind this?

It was probably meant as a joke. The idea, as I see it, was that the MPAA could have put this out to discourage the use of compressed video files. Best not to take it seriously, instead of fmaling it as stupid (as I'm sure some are getting ready to).

Re:Huh? (1)

mqduck (232646) | more than 7 years ago | (#16040143)

Also, best to ignore my inability to type "flaming" instead of making fun of me for it. My fragile ego can't take it.

Re:Huh? (1)

Achromatic1978 (916097) | more than 7 years ago | (#16040270)

It was probably meant as a joke.

Unfortunately, it probably wasn't. Survey any of the RIAA/MPAA posts here and you'll quickly find a widespread and virulent tin foil brigade who think those organisations are out to get them, in any and every way possible.

Blame the new guy... (2, Funny)

Kunta Kinte (323399) | more than 7 years ago | (#16040388)

What are "the media companies" and why would they be behind this?

The article was posted by a 'kdawson', I bet that's the new guy.

We all know that Taco and his crack team of editors would never let such an unfounded and inflammatory statement on the front page of this outstanding news establishment.

So cut the guys some slack. After all, I bet you this Dawson kid will be reprimanded and articles will be back to the high standard of journalism we're use to in no time.

I am surprised this one did not make it to the pos (0, Offtopic)

mapkinase (958129) | more than 7 years ago | (#16040078)

TA:
Panda's advisory last week revealed that the 100KB file is in fact adware, which "downloads and runs files, changes the DNS configuration and monitors accesses to several adult websites". zCodec, formally known as Adware/ZCodec or Adware/EMediacodec, affects most versions of Windows and was first detected last week, Panda said.
I am a little bit confused with the modality of the post. Is anyone in doubt that this is quite nasty piece of soft?

Use Linux (0)

Anonymous Coward | more than 7 years ago | (#16040082)

... then this problem won't arise.

Re:Use Linux (3, Informative)

rm69990 (885744) | more than 7 years ago | (#16040429)

Or use Windows and don't download dangerous software. Any piece of software with a set of "therms of use" should be avoided (see the software's home page to know what I'm talking about). Or of course buy a Mac (sorry, Apple fanboy here :-P)

Re:Use Linux (1)

19thNervousBreakdown (768619) | more than 7 years ago | (#16040593)

Or the claim of a 40% increase in quality (WTF does that even mean? I'm 80% more awesome than these guys) with lower bitrate without any of the fanfare you'd usually expect from such an amazing advance.

Why are the media companies being accused? (2, Insightful)

Refelian (923767) | more than 7 years ago | (#16040090)

Is there any evidence that they are behind this codec?

Don't you think that after the sony rootkit most companies wouldnt bother with such schemes....

Gimme an S. (1, Redundant)

uncoveror (570620) | more than 7 years ago | (#16040111)

Gimme an S.

S!

Gimme an O.

O!

Gimme an N.

N!

Gimme a Y

Why? They put rootkits on CDs. They are just the kind of company that would make a video codec that is a trojan.

Re:Gimme an S. (1)

kimvette (919543) | more than 7 years ago | (#16040166)

s/trojan/DRM scheme and EULA, making removal and/or circumvention a crime under the DMCA/

Re:Gimme an S. (1)

Al Dimond (792444) | more than 7 years ago | (#16040647)

You probably should escape the slash in your substitution string there.

Re:Gimme an S. (0)

Anonymous Coward | more than 7 years ago | (#16040200)

A shot nearly cheap enough for al-Reuters.

it makes sense (1)

crankshot999 (975406) | more than 7 years ago | (#16040118)

If it opens backdoors it would make sense that media companies can use it to check for pirated software.

Freaky coincidence (0, Offtopic)

Asmor (775910) | more than 7 years ago | (#16040122)

I was able to connect fine this morning, then for some reason many sites stopped working. After various troubleshooting, I discovered that my computer had been changed from obtaining the DNS automatically to specifying 4.2.2.2

Anyone have any idea what might have happened? I didn't download or install anything in the time frame that this happened.

Re:Freaky coincidence (1)

Dragonslicer (991472) | more than 7 years ago | (#16040207)

I believe 4.2.2.1 and 4.2.2.2 are the addresses for a major public DNS server, but I've completely blanked on the name.

Re:Freaky coincidence (1)

Asmor (775910) | more than 7 years ago | (#16040230)

I thought the same thing. I still can't comprehend how the setting got changed, though.

4.2.2.2 (4, Informative)

MillionthMonkey (240664) | more than 7 years ago | (#16040392)

There is a legitimate DNS server sitting at 4.2.2.2. I think it belongs to GTE (now Verizon). It has the misfortune of having an easy IP address to remember. In a pinch, if you can't remember the IP of your own DNS, there's always 4.2.2.2. Most people who use it have it as their alternate DNS. Verizon likes to give it names like i-will-not-steal-service.sys.gtei.net.

You've already gotten a reply to your original post that indicates at least one other person has seen this happen to their DNS settings. If I'd never typed in 4.2.2.2 myself, and I had no previous business relationship with Verizon or GTE, I'd call shenanigans. A malware writer needing to disable automatic DNS for some reason would have to specify a replacement IP and 4.2.2.2 is convenient to hard code.

Re:Freaky coincidence (1)

TheRaven64 (641858) | more than 7 years ago | (#16040263)

$ host 4.2.2.1
1.2.2.4.in-addr.arpa domain name pointer vnsc-pri.sys.gtei.net.
$ host 4.2.2.2
2.2.2.4.in-addr.arpa domain name pointer vnsc-bak.sys.gtei.net.
The owner of those domains is Verizon Trademark Services LLC. If Verizon is your ISP, this would be the correct DNS to use.

Re:Freaky coincidence (2, Informative)

ShaunC (203807) | more than 7 years ago | (#16040370)

4.2.2.1 to 4.2.2.6 are public nameservers operated by Verizon.

Re:Freaky coincidence (1)

Kumochisonan (704897) | more than 7 years ago | (#16040284)

One of my customers got this tonight.I wonder what it is...

Re:Freaky coincidence (1)

jZnat (793348) | more than 7 years ago | (#16040302)

4.2.2.2 is one of Verizon's DNS addresses, and besides being easy to remember, it's pretty reliable (at least far more reliable than Comcast's).

Re:Freaky coincidence (1)

Monkelectric (546685) | more than 7 years ago | (#16040303)

4.* is Verizon/gte I believe. You use either of those for you DSL? :)

Re:Freaky coincidence (1)

Asmor (775910) | more than 7 years ago | (#16040425)

Nope, Comcast cable.

Hmm. (5, Insightful)

TheRaven64 (641858) | more than 7 years ago | (#16040127)

What's the bet the media companies are behind this somewhere?

A tin-foil hat is a mark of someone who can, in all seriousness, say 'if it looks like a duck, and quacks like a duck, then it must be a concealed listening device placed by the government under the instruction of the military-industrial complex and funded by the media industry.' The poster should wear his with pride.

Re:Hmm. (1)

thelost (808451) | more than 7 years ago | (#16040145)

if its quack echoes then it *is* a duck, otherwise it's time to make like a tree and go.

Re:Hmm. (1)

Tack (4642) | more than 7 years ago | (#16040206)

if its quack echoes then it *is* a duck, otherwise it's time to make like a tree and go.
That should be "make like a tree and get out of here [imdb.com] ."

"looks professional enough"?? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16040129)

"looks professional enough"?? No way! It has a direct link to the .exe from the front page, without any annoying EULA or email-address harvesting page to click through first. That's a dead giveaway that this isn't legit! (Sad but true.)

suprise suprise, another American company (0)

Anonymous Coward | more than 7 years ago | (#16040132)

just like "most" spyware/viruses (180solutions etc) its from an American company, are you guys serious about upholding the law or just breaking it ?
Administrative Contact:
    ZCodec Inc
    Abrahamen Biderman (webmaster@zcodec.com)
    5624 17th Ave
    Brooklyn
    New York
    NY,11204-1834
    US
    Tel. +718.2364275

Re:suprise suprise, another American company (0)

Anonymous Coward | more than 7 years ago | (#16040191)

the phone number is registered to
Amilcar Perez
7319 13th Ave
Brooklyn, NY 11228-2010
(718) 236-4275

Re:suprise suprise, another American company (1)

OmnipotentEntity (702752) | more than 7 years ago | (#16040214)

I have my doubts about that. It's just a little thing. But "Therms of use" strikes me as not something an American would write... twice. [zcodec.com] (Check the url of the link.)

I'm going out of a limb and say that that's just someone registering false info. Also, there is no 17th Ave in Brooklyn. [google.com]

Wassamatta... you can't work Mapquest or Experian? (1)

spywhere (824072) | more than 7 years ago | (#16040251)

There is a 17th Avenue in Brooklyn.
The address given in the Whois search exists. It's apparently an office building.

Re:suprise suprise, another American company (0)

Anonymous Coward | more than 7 years ago | (#16040339)

Umm yes there is, that address is valid.

Re:suprise suprise, another American company (1)

generic-man (33649) | more than 7 years ago | (#16040347)

"New York, NY" refers to Manhattan. "Manhattan, NY" is not used in mailing addresses.

Here's the address mapped in Brooklyn, NY. [google.com]

Re:suprise suprise, another American company (1)

flyingfsck (986395) | more than 7 years ago | (#16040369)

Google turns up bazillions of 'therms of use'...

Re:suprise suprise, another American company (1)

OmnipotentEntity (702752) | more than 7 years ago | (#16040421)

Funny, I see about 650 [google.com] . And even less if you specify that the URL must contain "Therms" [google.com] . If fact, with that second one, there are only 5 pages returned, three in French, one from a .de domain, and our very own zcodec.

Re:suprise suprise, another American company (4, Informative)

flooey (695860) | more than 7 years ago | (#16040381)

Also, there is no 17th Ave in Brooklyn.

Actually, there is [google.com] . One of the oddities about New York City is that a mailing address of New York, NY means Manhattan. To properly address something in Brooklyn (and thus for Google Maps to find it) you need to use Brooklyn, NY.

"Therms" of Use and Support (1)

Nighttime (231023) | more than 7 years ago | (#16040135)

Just had a quick run through their therms[sic] and at the bottom there's a URL for http://www.vcodec.com/terms.html [vcodec.com] . However, that URL just leads to a page of sponsored links.

They also have a Support form on their site. Wonder if they actually are reading the support enquiries or just harvesting emails?

Re:"Therms" of Use and Support (1)

postmortem (906676) | more than 7 years ago | (#16040422)

actual site is http://www.zcodec.com/therms.html [zcodec.com] . You are right about "Therms". Definitely not of western origin.

No need for conspiracies... (4, Insightful)

AgentPaper (968688) | more than 7 years ago | (#16040139)

...user stupidity makes a dandy explanation. If there is a universal truth in today's networked world, it is that the gullibility of the average Netizen knows no bounds. I'd be willing to bet that you could write a program that claims to turn your printer into a replicator, and some doofus would buy it.

This ranks right up there with the scores of malware programs that pretend to be malware removers. I assume the original poster would have us believe that all those are really written by the likes of Symantec and McAfee?

The underlying problem is much deeper (1)

scenestar (828656) | more than 7 years ago | (#16040146)

This is another great example of how lack of technical knowledge can be used to take advantage of "home users".

Joey Dell doesn't see the difference between technical details of OSS and Proprietary Software, all he sees is the malware being marketed as "Faster SMaller Better"

zcodec.com still up?!? (1)

_Griphin_ (676977) | more than 7 years ago | (#16040159)

And why is the webpage still active?!?

Re:zcodec.com still up?!? (3, Funny)

Anonymous Coward | more than 7 years ago | (#16040211)

Oooh!

You mean the famous SlashDot Effect hasn't taken down the meany malware site?
They must have some muscle behind their servers. Should we Digg them too?

Come on, mods, it has to be asked (4, Funny)

knightmad (931578) | more than 7 years ago | (#16040160)

Will it run on Linux? We don't want to feel left out again. These damned malware-laden proprietary crap!

Oh please... (5, Insightful)

kentrel (526003) | more than 7 years ago | (#16040164)

What's the bet the media companies are behind this somewhere?

That's incredibly presumptuous and a completely baseless accusation. There are lots of people who can clearly benefit from trojans, and someone obviously has seen the potential in video codecs as a nice "social engineering" way of fooling the gullible masses into downloading them. The average person generally searches for video codecs once in a blue moon - they have no way of knowing which sites are legitimate, or which files are legitimate. They'll download whatever sounds promising. In fact, the website looks far more legitimate than some of the genuine codec sites out there.

Smarter users might do regular intensive searching to make sure they are getting a legitimate file, but the average user will not. It's far more likely that the author of this trojan is just exploiting the fact that so many users of codecs are clueless than yet another paranoid conspiracy that the media companies are behind it. Really, will the slashdot editors ever get over their bias and just print actual NEWS.

Re:Oh please... (1)

smash (1351) | more than 7 years ago | (#16040451)

That's incredibly presumptuous and a completely baseless accusation

Whilst I agree it's a stretch, it's not totally baseless [slashdot.org]

Send someone to jail (2, Insightful)

Lord Apathy (584315) | more than 7 years ago | (#16040165)

Enough is a enough. A message needs to be sent to these bastards. Suing and fines only do so much. They fine these bastards, they file for bankruptcy and its over. They close the company and the fines and suits go away. Can't sue what doesn't exist and current corp. laws protect us from going after personal assets.

Time to bring some real charges against these fuckers and send a few of them to prison for a good long stretch. And I'm not talking 6 months in a jail with 500 hours of community service. I'm talking 10 years in maximum security.

I know some people say the punishment doesn't fit the crime but I think its time it did. If we would have locked up some of them bastards from Sony then I bet this one wouldn't' happen.

Re:Send someone to jail (1)

remembertomorrow (959064) | more than 7 years ago | (#16040260)

Which 'fuckers'?

A baseless claim against "the media companies" has your panties in a bunch?

Re:Send someone to jail (0)

Lord Apathy (584315) | more than 7 years ago | (#16040276)

How about the programmer that wrote he code? Or the president of the company that owns the code? Even the name on the web register would do.

And don't give me any shit about the programmer just doing what he was paid to do. He knew what he was writting.

Re:Send someone to jail (1)

jasonditz (597385) | more than 7 years ago | (#16040636)

Why not execute them?

and nobody's doing anything.....why? (4, Informative)

Desolator144 (999643) | more than 7 years ago | (#16040167)

www.zcodec.com registrant info:

ZCodec Inc

Abrahamen Biderman

webmaster@zcodec.com

5624 17th Ave

Brooklyn

New York

NY,11204-1834

Tel. +718.2364275

Creation Date: 23-Dec-2005

Expiration Date: 23-Dec-2006

Okay first of all, it was registered almost a full year ago and second, even now I could probably drive to his house/office (assuming that info is accurate) and arrest him myself faster than the FBI could. Why does everyone always sit around and do nothing when stuff like this happens? Someone should at least give him a call :-) It's not even nigeria this time, how expensive could it be?

Re:and nobody's doing anything.....why? (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16040220)

Abrahamen Biderman

is that a Muslim name?

Re:and nobody's doing anything.....why? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16040273)

no its a Jew, suprised ?

Re:and nobody's doing anything.....why? (2, Interesting)

TaoPhoenix (980487) | more than 7 years ago | (#16040285)

I'm guessing the info is fake. (What are the penalties for faking WhoIs info?)

Yahoo turned up the following:

Amilcar Perez

7319 13th Ave
Brooklyn, NY (map)

Tel.: (718) 236-4275

Does that help anyone?

Re:and nobody's doing anything.....why? (0)

Anonymous Coward | more than 7 years ago | (#16040433)

What are the penalties for faking WhoIs info

you lose the domain

http://www.internic.net/cgi/rpt_whois/rpt.cgi [internic.net]

No bet... (2, Insightful)

drinkypoo (153816) | more than 7 years ago | (#16040170)

...because even if it were true, we'd likely never see proof. As such, that kind of speculation in a story submission is immature on the part of the submitter and allowing it to go out unedited is irresponsible of the editor. (Bonus points if they're the same person, I didn't check.)

Wha? (1)

jb.hl.com (782137) | more than 7 years ago | (#16040222)

"The media companies are behind this"? Are you letting twitter [slashdot.org] loose on the Submit Story function now?

Whoever wrote that needs their heads checking.

Fire! (0, Offtopic)

Randseed (132501) | more than 7 years ago | (#16040281)

Fire twinklers and a full spread of light balls! Fukkkkov!

Appears to be from Inhoster, known spyware source. (5, Informative)

Animats (122034) | more than 7 years ago | (#16040282)

Looks like this is coming from a known source of spyware in Ukraine, "Inhoster.com".

"zcodec.com" is actually "85.255.117.106-xbox.dedi.inhoster.com", a dedicated server at a "nlayer.net" colocation site in San Francisco. The dedicated server appears to be associated with "atrivo".

Both "inhoster.com" and "atrivo" appear to be "psuedo-ISPs"; they have web sites that look like those of an ISP, but they don't really offer services for sale. Both have bad reputations: see "Spywarequake Scam on the Run [netrn.net] . The previous attacks were based on phony anti-spyware programs. Now that people are wise to that one, the new frontier is apparently phony codecs.

The WHOIS information for "zcodec.net" appears to be bogus. It's given as "Abrahamen Biderman" at "5624 17th Ave, Brooklyn, New York" There is an "Abraham Biderman" with an office at 5624 17th Ave, Brooklyn, New York, and he's a political figure and investment banker [forbes.com] , with a career running major financial institutions. Probably not behind some two-bit spyware scam.

Re: Which brand of bogus? (1)

TaoPhoenix (980487) | more than 7 years ago | (#16040326)

I'm lost, and I don't live next to the seeds of the Apple to sort it out.

A. There's no 17th Ave in Brooklyn
B. The address does exist, except its occupant is deemed not likely.

Which one?

Therms of use? (0, Redundant)

Sparco (600802) | more than 7 years ago | (#16040341)

www.zcodec.com

Granted the site does look somewhat professional; but could use a quick spell check. 'Therms of use' ... come on now.

WHOIS:

        ZCodec Inc
        Abrahamen Biderman (webmaster@zcodec.com)
        5624 17th Ave
        Brooklyn
        New York
        NY,11204-1834
        US
        Tel. +718.2364275

thats news - heres a tip (3, Interesting)

gsn (989808) | more than 7 years ago | (#16040350)

wow a codec is spyware - inconcievable!!! Who the heck told you to download an unheard of codec which you probably didn't need. The vast majority of spyware is around because people download things they don't actually need from an untrusted third party source. I can't begin to count the number of computers I've had to fix because some twit downloaded a codec pack or opened an scr file in their email or downloaded some game crack to pirate a game and found it installed bonzi buddy.

Virtually every bloody codec pack you could download contained spyware/adware - some of them put in by the developers themselves. I've got some lovely versions of Nimo, K-lite and gordian knot to prove it. Hell, DivX pre 5.2 had GAIN in it and if you didn't know where to look on their website you had no way of finding the version without it (it didnt have the encoder so wasn't gain supported) . VLC is all I download for video playback now. If they don't support it I don't need to watch it - I've an flv file convertor for those of you who know how to download the dang yourtube/google videos that vlc cant handle perfectly.

Learnt the hard way not to download things from any third party site even if its trusted back in high school. I run XP because I like playing games. If I had a tinfoil hat I'd read the source and then compile and do MD5 checks but I'm lazy and will take the binary packages, and I suspect one day I will pay for that laziness, despite my use of Tea Timer and the Spybot S&D hosts file and immunization databse, Lavasofts ad aware, windows defender and rootkit revealer, hijack this, peer guardian 2, and spyware blaster. One day I will be an idiot and download a binary with some spyware that is still under the radar for all of these and I will be pissed when I realize it. Atleast, I will realize it, but most users wont.

Re:thats news - heres a tip (0)

Anonymous Coward | more than 7 years ago | (#16040590)

You don't even realize that Tea Timer and the Spybot S&D hosts file and immunization databse, Lavasofts ad aware, windows defender and rootkit revealer, hijack this, peer guardian 2, and spyware blaster have nothing to do with security, but only stupidity.

I bet PC will (3, Funny)

ericdano (113424) | more than 7 years ago | (#16040353)

I bet PC [apple.com] will be pissed. Poor guy. Spyware, Viruses, physical damage and now....this?

The therms(sic) do seem to admit part of this (1)

Bruce Stephens (6634) | more than 7 years ago | (#16040356)

Licensor may offer additional components through our version checking/update system. These components include: Toolbar, Popup advertising solution, Commercial homepage manager, Commercial messenger.
How can anyone resist?

Why take the detour? (2, Interesting)

Opportunist (166417) | more than 7 years ago | (#16040362)

When the straight line connects much better?

Music companies have huge legal departments that can (and do) get their info from ISPs with subpoenas. Trojan distributors are constantly trying to find new ways to push their junk onto your computer, often by paying heavily for 0day exploits.

Who is more likely to buy a "cheap" way to bug your PC?

Media Companies (1)

bendodge (998616) | more than 7 years ago | (#16040405)

Why in the world would a media company want to publicize a good codec? I thought all they liked was real player!

What's behind what (1)

noidentity (188756) | more than 7 years ago | (#16040483)

What's the bet the media companies are behind this somewhere?

What's to bet that a grudge and agenda is behind this unfounded swipe?

Whats the bet? (1)

matw8 (901439) | more than 7 years ago | (#16040490)

since you asked... about 1 in 1,000,000 But I grant you there is still a chance.

This wouldn't happen (0)

Anonymous Coward | more than 7 years ago | (#16040496)

If Windows were more secure.

My bet (0)

Anonymous Coward | more than 7 years ago | (#16040526)

I bet all the /. posts that defend the media companies and accuse the poster of baseless accussations, are sponsored by the media companies.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...