During the past few months, a lot of fake codec websites have turned up, fooling users into downloading “video codecs” which are nothing more but variants of TROJ_ZLOB. It seems that the perpetrators have taken a step further and enhanced their social engineering tactic. A new ZLOB website has emerged and this time it fools users into thinking that it is YouTube or at least a part of YouTube.

Calling itself AdultTuba, this malicious website takes advantage of the foolhardy web surfer’s penchant for pornographic video. Because its design is patterned after Youtube.com, an unsuspecting user would assume that the site is a part of or at least affiliated with the popular video sharing website. When the user attempts to view any of the uploaded videos, it tells the user that a codec is needed to watch the video. It provides a link from where the codec can be downloaded. But the file that is downloaded is a Zlob variant, which Trend Micro detects as TROJ_ZLOB.DSI. The much coveted porno clip is not shown to the user by the way.

As a precaution, observe safe browsing practices since most of the prevalent malware use the web as mechanism to distribute themselves. Malware such as ZLOB capitalize on user demand for digital media. Don’t let the website’s familiar-looking design fool you. There are no video clips residing in this website and the so-called codecs that they are offering you for download are just TROJ_ZLOB variants.