This morning I’ve taken some time to scan my content filter logs from the past two weeks. Normally I look through them every few days, but I’ve been on a well-deserved extended vacation.
It seems that some network users have been searching for video of the Benazir Bhutto assassination. There have been quite a few recent reports of malicious Blogger sites that advertise the video, but when users try to view it, they are told they do not have a required codec installed. They are prompted to download the codec, which results in a Zlob trojan downloading and installing to their system – see the McAfee blog for details and images.
My content filter logs show four or five users successfully downloading the offensive codec. I’m hoping that our desktop anti-virus software and group policy stopped the malware installation, but I’m not holding my breath. I wrote a script that’s scanning all machines for the fake codec, but I’ll probably have to wait until school resumes on Monday, January 8th to scan the entire network. Only a very few users are working this week, so hopefully that will help contain the infestation.