This codec is not a codec.
I’ve been told that in Russian, the word Zlob is a part of “zlobny” (“evil” or “malicious”) and “zloba” (“animosity” or “anger”). Trojan.Zlob is also a long-running and prevalent malware family that continues to be one of the highest-hitting malware families in our user community. Its presence has been growing since 2005. While this blog hasn’t participated much in the geek drama describing this family, this one won’t leave the neighborhood.
In July 2007, it seemed that one of the individuals behind the software made a quick and somewhat quiet appearance. A mysterious poster by the handle “AnthW” claimed to be the project manager for this Rogueware stuff and attempted to legitimize the company’s software and business. He (or she) got hammered with criticism on the CastleCops boards in a six-page thread:
“My name is Anthony and I am project manager for the team, who created this software.”
Not something a mother would be proud of.
It seems that Anthony and the rest of the group continue to hide behind layers of deception. He posted that the group tried to help users clearly understand the software by setting up a legitimate-looking web site, which unsurprisingly does not provide any installers of their software:
“We have launched website that will help users to install/uninstall software. It also has online copy of EULA and contact email. URL is http://www.activexobj.com/
This will be included in our EULA in the next update.”
The site remains up. I’ve looked through the site to better understand how they help users to understand that what this company is distributing as a codec is not really a codec (Magritte, anyone?). Also, half a year later, I’ve been looking for changes that would be indicative of an online geniality, an honest effort to connect users who get infected with this adware with a description of what happened and instructions on how to uninstall. Unfortunately, that still isn’t happening, and users everywhere are tricked into running this stuff. Forums volunteering malware cleanup help reveal the frustration and confusion of users with Zlob on their systems (unfortunately, these traces also serve as a record of the security solutions running on the infected systems).
Instead, the developers of the software have been adding more layers of anti-debugging protection to the software.