PandaLabs has detected the appearance of Zcodec, a malicious program which uses a rootkit to hide its malicious actions. It also alters Internet search results and installs other malicious code on the system.
Zcodec is included in a program that supposedly installs the codecs needed to play a certain multimedia format. When users are about to install this application, a user licence window is displayed. However, no codec is installed, and the program does not wait for users to accept or reject the licence agreement: Zcodec is installed on the computer when they click on the downloaded file.
The first of these modifies the DNS settings on the compromised computer so that when a user clicks on results returned from search engines such as Google, a different page is displayed. This tactic is exploited by the creators of the program in order to profit from pay-per-click systems, or even to redirect users to pages designed to steal confidential data.
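A defender-side check for the DNS change described above, as an added example that is not part of the original article: it parses `ipconfig /all` output and reports resolvers outside an expected baseline. The Windows host, the sample output and the allowed networks are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the article); 203.0.113.53 is a
# documentation address standing in for a resolver that malware has added.
SAMPLE = """\
Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example NIC
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")   # unindented section header
FIELD = re.compile(r"^\s+(.+?)[ .]*: (.*)$")      # "Key . . . : value"

def _as_ip(text):
    """Parse text as an IP address (IPv6 zone id dropped); None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Map each adapter name to the DNS server addresses configured on it."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            result[adapter] = []
            continue
        field = FIELD.match(line)
        if field:  # any new field ends the DNS list unless it is the list itself
            in_dns, line = field.group(1) == "DNS Servers", field.group(2)
        ip = _as_ip(line)  # also picks up indented continuation lines
        if adapter and in_dns and ip is not None:
            result[adapter].append(ip)
    return result

def unexpected_resolvers(ipconfig_text, allowed):
    """Return (adapter, address) pairs for resolvers outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    return [(name, str(ip))
            for name, ips in dns_servers(ipconfig_text).items() for ip in ips
            if not any(ip.version == n.version and ip in n for n in nets)]
```

On a live host the text passed in would be the captured output of `ipconfig /all`, and the allowed list would hold the resolvers the network is known to hand out.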
“The combination of different techniques is becoming a frequent trait of computer attacks. In this case we see social engineering, rootkits, Trojans and even the manipulation of computer settings. The aim of the creators is to infect computers without arousing suspicion. Given that there are many such malicious programs on the Internet, it is vital to protect systems with a good anti-virus, which objectively scans each file on the computer,” explains Jeremy Matthews, MD of Panda Software SA.
Malware alters Internet search results using a rootkit