Wednesday, November 07, 2007

Another fake codec -- Windows and Mac

Typical Trojan DNS Changer, located at xerocodec(dot)net.

As is the pattern of these sites, the binaries are found through /download/(sitename).extension. So the Windows binary is xerocodec(dot)net/download/xerocodec(dot)exe and the Mac binary is xerocodec(dot)net/download/xerocodec(dot)dmg (there are more downloads in the same directory as well). And please — don’t touch these binaries unless you know what you’re doing, as they are live Trojans.

Alex Eckelberry
(Thanks Patrick)
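As an added example (not part of the original post), here is one way a defender could flag the `/download/(sitename).extension` pattern described above in web proxy logs. The log format, the `.example` hostnames and the function names are assumptions made for illustration; only the xerocodec URLs come from the post.

```python
import re
from urllib.parse import urlsplit

# Extensions the post names for the Windows and Mac payloads.
PAYLOAD_EXTS = {"exe", "dmg"}

def refang(url):
    """Undo '(dot)' / '[.]' defanging so the URL can be parsed (never fetched)."""
    return re.sub(r"\(dot\)|\[dot\]|\[\.\]", ".", url, flags=re.I)

def site_label(host):
    """Label left of the TLD, e.g. 'xerocodec' for 'www.xerocodec.net'.
    Assumption: single-label TLDs; multi-label suffixes need a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else None

def matches_fake_codec_pattern(url):
    """True when the path is /download/<site name>.<exe|dmg> on that same site."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url  # bare host/path form, as written in the post
    parts = urlsplit(url)
    label = site_label(parts.hostname or "")
    m = re.fullmatch(r"/download/([^/]+)\.([A-Za-z0-9]+)", parts.path)
    if not m or label is None:
        return False
    return m.group(1).lower() == label and m.group(2).lower() in PAYLOAD_EXTS

def scan(log_lines):
    """Return the requested URLs (last field of each line) that match the pattern."""
    urls = (line.split()[-1] for line in log_lines if line.strip())
    return [u for u in urls if matches_fake_codec_pattern(u)]

# Constructed sample proxy log lines: timestamp, client, method, URL.
SAMPLE_LOG = [
    "2007-11-07T10:02:11 10.0.0.5 GET xerocodec(dot)net/download/xerocodec(dot)exe",
    "2007-11-07T10:02:40 10.0.0.9 GET http://www.videoplugin.example/download/videoplugin.dmg",
    "2007-11-07T10:03:02 10.0.0.7 GET http://vendor.example/download/setup.exe",
    "2007-11-07T10:03:15 10.0.0.7 GET http://vendor.example/docs/vendor.exe",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("possible fake-codec download:", hit)
```

A match is only a lead for triage: legitimate vendors also name installers after their site, so hits should be checked against other indicators before blocking.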