Zlob is a trojan horse which masquerades as a needed video codec in the form of ActiveX. Zlob allows a remote attacker to perform various malicious actions on the compromised computer. It was first detected in late 2005. However, it wasn't until mid-2006 that it started gaining attention. Once installed, it displays popup ads with appearance similar to real Microsoft Windows warning popups, informing the user that their computer is infected with spyware. Clicking these popups trigger the download of a fake anti-spyware program (such as Virus Heat) in which the trojan horse is hidden.