In the last days we have received a good number of new variants of rogue fake codec. That’s why we propose you a little game that consists in finding the differences between the images:

Rogue Fake Codecs

All these variants have been detected as Adware/VideoPlay. Their behavior is similar: when installing the program, a file, whose name is usually matrix(random numbers).exe or bootmatrix.exe, is run. This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed.

This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.

In the last month there has been an increase of almost 400% in the number of samples of this malware received in our inboxes comparing with the previous month.

 

Increase of Adware/VideoPlay

 

This nasty piece of malware is the same as the one that was being distributed using Digg and YouTube.