The Sunbelt blog is currently reporting on the fake codec sites that push the Zlob Trojan, with screenshots of the sites. Everyone should take a look so they know that these are dangerous scam sites.
Beware: the Zlob Trojan is morphed every few hours, so your AV program is unlikely to detect the Trojan. (Only Avira seems to have a successful generic detection.)
http://sunbeltblog.blogspot.com/This article (previously posted by Tech) may prove interesting regarding virus obfuscation techniques:
http://www.virusbtn.com/virusbulletin/archive/2006/03/vb200603-packedI assume Zlob is doing something like this.
EDIT:
Authentium, F-Prot and VirusBuster seem to have generic detection as well. Kaspersky usually detects them, but I've seen it miss one. NOD32 got this one but missed one I tried yesterday.