If you’ve been reading our blogs regularly, then you know about fake codecs and fake scanners, like VirusBurst/VirusBuster/VirusBursters.

If you know me a littlebit, you’ll probably know where this little story will end up ;-)

Yep, it’s time to look at the latest goof-up by our not-so-friendly-Fake-Codec-pushers …. ESTDOMAINS!!!

Yesterday, they took it upon theirselves to get a new name for their Zlob-package and called it BrainCodec.

Offcourse, there has to be a home-site for this new beauty … so they parked it on braincodec.com.

Nothing new … even the design is a almost exact copy of the sites ICodecPack, QualityCodec, PerfectCodec (to name a few) and GoldCodec.

However, it seems they were in a hurry a bit to get this codec-baby on the road.

Why? Look closely!

They were in such a hurry, that they forgot to replace the GoldCodec-image (you can’t miss it. It’s in the top left-corner) with a BrainCodec-image.

I guess they will replace the site-image soon enough, so i’m very glad with the screenshot, that i have …

Maybe i should enlarge it and hang it on the wall … that way i can keep smiling about THE fake-codec pushers.

Want to discuss fake codecs, fake malware-scanners or EstDomains with me in more detail? Then click here.

Oh do read and Digg this. Because I said so!

If you see a popup on a Myspace profile claiming the page has been “securely protected”, you better run the other way as fast as you can. Trojans, rogue antispyware tools and fake media codecs await…

read more | digg story | discuss more

…In a hillarious way!

You all know by now the fake codecs flying about like fruitcakes! And you also know the amount of newly created domains that get set-up daily for these codecs.

Well in a hillarious way Sunbelt have set up a domain in hope of twarting the people behind the codec scam!

“Last week, we found two more fake codecs sites — Silvercodec(dot).com and Goldcodec(dot)com. Both of these install fake codecs which do all sorts of nasty things to your PC (oh, rootkits, that kind of stuff).

We got to thinking: Silver… gold… it seems like it’s only going to be a matter of time before the slimeballs pick up Platinum… so we preemptively registered that domain to thwart them. All major TLDs have been registered to Sunbelt Software, thereby keeping these domains out of the hands of the bad guys.” - Sunbelt Blog

This is a great idea. I actually put thought into this some time ago about the rogue programs we keep getting. I say me. It was me and a few experts in a security forum. Thinking about launching a new domain the same way as Sunbelt have done.

Want to discuss this in more detail? Then click here.

…And some people are just stupid enough to leave it on a security site! A bit like VirusRescue! You slamdunk them … they go silent! 1-0 to the zealots!

Remember this post? ‘Course you do! It only goes on chatting about Zango…..and MySpace…

…Now this is where it gets interesting. A site by the name of pimp-myspace-code.com left the trackback!

As all the comments here are in moderation due to the amount of spam we get. My eyes lit up when I saw a suspicious trackback. So I went underground.

First thing to notice was it mentioned MySpace all over it. It was a link to a blog. Which was on a site pimping backgrounds etc. Mainly all things MySpace related.

The interesting part was when I started to click on a few links to the left of their sidebar.

Now this system is pretty darm clean and safe. But suddenly pop-ups appeared. You know … your system seems to have adult related stuff on it … use me to screw your system up even more!

Well maybe not the last bit, but you get my drift. It takes you a few clicks and pop-ups for it to be gone. But amaizingly never returns!

The site also links to bad blogspot sites. Which are also linked to sites believed to push adware etc! Which got me thinking! What else will there be lurking?

Well unfortunatly I didn’t find anything else. But I will continue to monitor this site and possibly even check it out in more detail this weekend coming as not everyone celebrates thanksgiving! :D

But todays lesson is … Stay away from MySpace-pimping-background-and-layout-sites! And keep an eye on any trackbacks you may get on your blog/site!

Notice the spelling? That is the difference here!

Without typing too much has I have hardly no time at this current time. Check out teh paperghost rant!

Now where is that cape!!!

Whilst we continue to upgrade our services here at security cadets. You can now, our readers, report new malware.

*Disclaimer - We may not reply back to each and every e-mail sent to us. Please don’t feel disheartend*

Coverage about this - SecurityGarden

Update - This has now moved to a page of it’s own. The comments have been closed to this article.

Report New Malware Page 

It’s like Zango week and it’s only monday. Oh dear. But anyway. Please be aware of a new piece of crap floating on the internet waves. It’s called ‘The Myspace Tracker‘.

You know at first I thought it was another smitfraud infection considering there has been plenty of that malware on MySpace. But it seems to be another affiliate for Zango:

“This install seems altogether too random for me, but anyway…the suckiness continues, because from the main EULA, you have to open up more webpages to see OTHER EULA information. Anyone got time to squeeze in a few million lines of text before they install this thing? No? I wonder why.

You have to install Zango Adware to use the content on that site - and wouldn’t you know it if it’s ANOTHER site designed to pimp Zango on Myspace.”

Read more over at Vitalsecurity.Org. Because it’s all go at Paperghost’s gaff. Seeing as Zango love him so much. You can also discuss all Zango-Beating-Articles here in more detail…..if you wish.

Remember the 3 million dollar fine? Well you should so feast your eyes on this:

“Earlier this month, the FTC announced the proposed settlement of its investigation into Zango, makers of advertising software widely installed onto users’ computers without their consent or without their informed consent (among other bad practices).

We commend the proposed settlement’s core terms. But despite these strong provisions, bad practices continue at Zango — practices that, in our judgment, put Zango in violation of the key terms and requirements of the FTC settlement. We begin by explaining the proposed settlement’s requirements. We then present eight types of violations of the proposed settlement, with specific examples of each. We conclude with recommendations and additional analysis.

Except where otherwise indicated, this document describes only downloads we tested during November 2006 — current, recent installations and behaviors.”

Ben Edelman & Eric Howes continue in more detail which you can catch at BenEdelman.Org. And discuss in in more detail here.