Trojan.HTML.Zlob
First posted on 21 November 2011.
Source: BitDefender
Aliases :
Trojan.HTML.Zlob is also known as JS/Zlob!tr.dldr, TrojanDownloader:JS/Zlob, Trojan.HTML.Agent.
Explanation :
This malware is part of a web page that asks the user to download a certain codec or ActiveX component that supposedly helps with viewing the content of a (nonexistent) video file embedded in the page.
The malware is not capable of installing itself on the user's computer. Instead, it tricks the user into believing the "codec" has to be installed, showing the message over and over again even if the user tries to close the page.
It has the following behaviour :
When the user accesses some webpage, the browser shows this message : "Video ActiveX Object Error. Your browser cannot play this video file.Click 'OK' to download and install missing Video ActiveX Object."
If the user cancels the request, the user receives, in a loop, this message : "Please install new version of Video ActiveX Object."
Then it will give the user an executable to install on the computer. Usually this is "ActiveX" related or "video codecs" related.
The pages change rapidly and they usually contain references to codecs : VideoAccessCodec, VideoSoftOnline, CodecPro, VipCodecVip, IXCodec, MoonCodec, or to video enhancers : VideoAdaptation, SoftWebVideo.
Once the user gives approval and the malware is installed, it takes these steps ( http://www.bitdefender.com/VIRUS-1000125-en--Trojan.Zlob.2.Gen.html )
Last update 21 November 2011
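The following is an added detection sketch, not BitDefender's signature logic: it scans a page body (for example one saved by a web proxy) for the lure messages and codec names quoted above, after undoing common string obfuscation. The function names, verdict labels, thresholds and the sample page are assumptions made for illustration.

```python
import html
import re

# Lure text and product names quoted in the write-up above (lower-cased).
LURE_PHRASES = (
    "video activex object error",
    "your browser cannot play this video file",
    "download and install missing video activex object",
    "please install new version of video activex object",
)
CODEC_NAMES = ("videoaccesscodec", "videosoftonline", "codecpro", "vipcodecvip",
               "ixcodec", "mooncodec", "videoadaptation", "softwebvideo")

def normalise(page: str) -> str:
    """Undo HTML entities, hex/unicode JS escapes and 'a' + 'b' string splits."""
    text = html.unescape(page)
    text = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)
    text = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)
    text = re.sub(r"""["']\s*\+\s*["']""", "", text)
    return re.sub(r"\s+", " ", text).lower()

def scan_page(page: str) -> dict:
    """Score one page body; verdict names and thresholds are assumptions."""
    text = normalise(page)
    phrases = [p for p in LURE_PHRASES if p in text]
    codecs = [c for c in CODEC_NAMES if c in text]
    dialogs = len(re.findall(r"\b(?:alert|confirm)\s*\(", text))
    offers_exe = bool(re.search(r"\.exe\b", text))
    if phrases and (dialogs or offers_exe):
        verdict = "likely-zlob-lure"      # quoted lure text plus a dialog or .exe
    elif phrases or (codecs and offers_exe):
        verdict = "suspicious"            # partial match, needs analyst review
    else:
        verdict = "clean"
    return {"verdict": verdict, "phrases": phrases, "codecs": codecs,
            "dialogs": dialogs, "offers_exe": offers_exe}

# Constructed sample page (not a captured one), modelled on the description.
SAMPLE = """<script>function ask() {
  if (!confirm("Video ActiveX Object Error. Your browser cannot play this " +
      "video file. Click &#39;OK&#39; to download and install missing Video ActiveX Object."))
    { alert("Please install new version of Video ActiveX Object."); ask(); }
  else { location.href = "VideoAccessCodec.exe"; }
}</script>"""

if __name__ == "__main__":
    print(scan_page(SAMPLE))
```

Because the pages change rapidly, the codec names alone are a weak signal; the quoted dialog text combined with a repeated prompt or an offered executable is what the verdict relies on.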