Wincodecdownload.com
Another malicious domain. The setup file available on the site is malicious: it installs a malicious Browser Helper Object (BHO), which displays the following image below the browser address bar.
BHO Details:
Filename: IECodec.dll
HijackThis entry:
O2 - BHO: IECodecBHO - {4507C219-24AA-4813-9561-A2003F9920C3} - C:\Program Files\IECodec\IECodec.dll
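The check below is an added example, not part of the original post: it parses the O2 (BHO) lines of a HijackThis log and flags entries that match the CLSID or DLL file name listed above. The function names and every sample log line other than the IECodecBHO entry are constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the post: the BHO's CLSID and DLL file name.
BAD_CLSIDS = {"{4507C219-24AA-4813-9561-A2003F9920C3}"}
BAD_DLLS = {"iecodec.dll"}

# HijackThis O2 line layout: O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s*-\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*(?P<path>.+?)\s*$"
)

def parse_o2(line):
    """Return name/clsid/path for an O2 (BHO) line, or None for other lines."""
    m = O2_RE.match(line.strip())
    return m.groupdict() if m else None

def flag_bhos(log_text):
    """Return (entry, reasons) for each O2 entry matching a listed indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = []
        # CLSIDs are case-insensitive, so compare in upper case.
        if entry["clsid"].upper() in BAD_CLSIDS:
            reasons.append("clsid")
        # ntpath handles Windows backslash paths on any host OS.
        if ntpath.basename(entry["path"]).lower() in BAD_DLLS:
            reasons.append("filename")
        if reasons:
            hits.append((entry, reasons))
    return hits

# Constructed sample log: only the IECodecBHO line comes from the post.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: IECodecBHO - {4507C219-24AA-4813-9561-A2003F9920C3} - C:\Program Files\IECodec\IECodec.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Temp\iecodec.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for entry, reasons in flag_bhos(SAMPLE_LOG):
        print(entry["clsid"], entry["path"], "matched on", ", ".join(reasons))
```

A file-name-only match (the third sample line) is weaker evidence than a CLSID match and should be treated as a lead to investigate rather than a confirmed detection.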
Screenshot taken after installing the malicious setup file.
Once you click on the link provided in the image, it takes you to the privacy-tower.com website. The site uses a fake scan as a scare tactic to frighten users into purchasing a rogue security application.
The site privacy-tower.com uses the IP address 206.161.200.43 and then redirects users into downloading Anti-Virus-Pro (from anti-virus-pro.com), a well-documented rogue security application.
Privacy-Scanner.com and PrivacyTower.com are clone sites of privacy-tower.com, which also redirect users into downloading Anti-Virus-Pro.
Further, the site vscodecsupport.com (203.121.111.143) works as a data repository for wincodecdownload.com.
Currently none of the security applications on VirusTotal flag the setup file as malicious.
Only two scanners detect the BHO as malicious.
VirusTotal scan result: 2/32 (6.25%)
AntiVir 7.6.0.45 2007.12.13 HEUR/Malware
Webwasher-Gateway 6.6.2 2007.12.13 Heuristic.Malware
Stay away from these sites.
Bharath M N