There seems to be a common belief that malware only lands on a computer through e-mails. This is far from being the case. Our ThreatSense statistics shows that a lot of Internet users fall for social engineering on web pages and are tricked into installing fake programs. As David Harley pointed out on his blog (http://blogs.securiteam.com/index.php/archives/1029), convincing users into downloading and running a program is more effective than any software vulnerability to infect systems.

One of the most common deception technique used by malware authors is to create websites with interesting content that will get indexed by search engines, for example spicy videos. The catch is that to view the video they need to install a codec. The word codec comes from code / decode, it is a device (hardware or software) used to encode data to reduce its size, making it easier to transfer over a network. We have seen numerous web pages like the screenshot below offering fake codecs. Most of the files downloaded from these malicious pages are variants of the Zlob malware family and should be avoided at all cost.

Another usual imposter we observe are fake antivirus, antispyware and antiadware programs.For example, users who mistype an Australian domain name and add a double extension (.com.au.com) will be redirected to a warning message inciting them into downloading 'antispyware'.

The downloaded file will not necessarily be malicious but we strongly recommend verifying a company’s credentials and certifications before downloading and installing one of their programs.

Pierre-Marc Bureau
Researcher