Fake codec found in AOL forum

Some blog posts on a forum page discussing James Frey's latest book contain video links that can infect users with a Trojan horse.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi

Visitors to AOL's main portal page may have seen a headline "Disgraced 'Oprah' Author Is Back" circulating, but those who clicked may have infected their computers, says Roger Thompson, Chief Research Officer of AVG Technologies.

Thompson said anyone clicking on the headline link would be taken to a legitimate forum page discussing James Frey's latest book, Morning. However, some of the blog posts on that page contained a link to a video site. In order to view the video associated with that post, the user would have to accept the installation of the video codec.

Upon accepting the codec download, the user's machine would become infected with the Zlob Trojan.

A spokesperson for AOL said: "The malware link referenced in the story appeared in the "Comments" section of an AOL News site, and was posted by an outside source. AOL has several tools and resources in place to quickly identify and remove dangerous or false links, and as a result, identified and removed the link from the site. Per our overall policies regarding user generated content, the person responsible for posting the link has been banned from posting on the site again, and all content posted by them has also been removed."

Thompson agrees that AOL's security is good and sees the incident as a warning. "If ever you have to install a codec to watch a video, don't. It's just not worth the risk," he said.