Getting a free sidedish with your order

There are enormous numbers of sites on the internet that offer free downloads of shareware/evaluation programs. Some of them screen (or at least try to) the programs they are going to offer, some don’t. In addition to those, there is a huge bunch of sites that are outright malicious.

Most of these malicious sites have been made to look legitimate, with a lot of time spent on polishing the graphics to make them look nice. But is “nice” always good? I stumbled onto a site called anymp4.com that is allegedly run by LDSoft. Their products include various media converters and the like. One more thing they are dishing out of their systems is something called ZhengTo MUI. The files came out clean from VirusTotal, so it must be good, eh? Well, anyway, the program contains a DLL called ZhengTuHook.dll. The properties on the file point towards LDSoft, Beijing, China. The file is a password-stealing DLL that hooks itself into the system and sends the stolen data via e-mail. The two e-mail addresses found in the code are:

hanxinchina@gmail.com

edward@anymp4.com

So, be careful about what you install, and if you really want to download “free” stuff from the internet, use a more reputable source like cnet.com, download.com or similar.

And for a quick chuckle, the following reference to debug symbols was found in the file:

d:\Develope\other\virus\AD_virus\virus_funtion\password_hook\Bin\ZhengTuHook.pdb
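Both the e-mail addresses and the debug-symbol path above are the kind of thing a plain strings pass over the binary turns up. As an added example (not code from the original post, nor anything from LDSoft's software), here is a small Python triage script that does that pass: it extracts printable ASCII and UTF-16LE runs from a file image, pulls out e-mail addresses and embedded .pdb paths, and notes a few Windows hooking/keylogging API names when they appear as imports. The sample bytes are constructed for the example; only the two e-mail addresses and the .pdb path quoted in the post are real indicators.

```python
import re
from typing import Dict, List

# Constructed sample standing in for a PE image. It is NOT the real
# ZhengTuHook.dll; only the two e-mail addresses and the .pdb path are the
# indicators quoted in the post. Everything else is filler.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    b"This program cannot be run in DOS mode.\r\n$\x00\x00\x00"
    b"\x01\x02smtp.example.invalid\x00"        # constructed hostname (RFC 2606 TLD)
    b"hanxinchina@gmail.com\x00\x00"
    b"edward@anymp4.com\x00"
    b"\x7f\x00d:\\Develope\\other\\virus\\AD_virus\\virus_funtion"
    b"\\password_hook\\Bin\\ZhengTuHook.pdb\x00"
    b"\x00\x00GetAsyncKeyState\x00SetWindowsHookExA\x00"
)

MIN_LEN = 6
# Printable ASCII runs and UTF-16LE runs (letter, NUL, letter, NUL, ...),
# the same two passes the `strings` tool makes over a Windows binary.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Drive letter, backslash, anything up to the first ".pdb" (lazy match).
PDB_PATH = re.compile(r"[A-Za-z]:\\[^\x00\"<>|]*?\.pdb", re.IGNORECASE)

# Real Win32 API names commonly seen in programs that install system-wide
# hooks or poll the keyboard; their presence is a triage hint, not a verdict.
SUSPECT_APIS = {
    "SetWindowsHookExA", "SetWindowsHookExW",
    "GetAsyncKeyState", "GetKeyState", "GetKeyboardState",
}


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return every printable ASCII and UTF-16LE run of at least min_len chars."""
    ascii_pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_pat.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in utf16_pat.finditer(data)]
    return found


def triage(data: bytes) -> Dict[str, List[str]]:
    """Pull e-mail addresses, .pdb paths and hook-related API names out of a binary."""
    strings = extract_strings(data)
    emails = sorted({e for s in strings for e in EMAIL.findall(s)})
    pdb_paths = sorted({p for s in strings for p in PDB_PATH.findall(s)})
    hook_apis = sorted({s for s in strings if s in SUSPECT_APIS})
    return {"emails": emails, "pdb_paths": pdb_paths, "hook_apis": hook_apis}


def triage_file(path: str) -> Dict[str, List[str]]:
    """Convenience wrapper: run triage() over a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    report = triage(SAMPLE_BINARY)
    for key, values in report.items():
        print(f"{key}:")
        for v in values:
            print(f"  {v}")
```

A clean VirusTotal result only says no engine had a signature for the file at that moment; hard-coded mailbox addresses next to hooking imports, and a build path that literally says `virus\password_hook`, are the sort of cheap static indicators worth checking before trusting a "free" installer.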

If you want to comment on this article please send e-mail
to authors(_at_)teamfurry.com or go to the forums.