
Trojan hijacks web browsers

August IE patch may not offer full protection

A Trojan that exploits an Internet Explorer vulnerability is capable of allowing attackers to hijack browser behaviour, anti-virus firms warn.

The QHosts (Delude) Trojan can't spread by itself. Users only become infected if they visit a maliciously constructed website containing code that allows the malware to run.

This code exploits a critical object data vulnerability in Internet Explorer in order to execute.

More information about this vulnerability, including a (partial) fix, can be found in an advisory from Microsoft, issued back in August.

Some anti-virus vendors reckon that this patch will protect against the exploit. However, McAfee warns that the patch fails to protect against the automatic execution of VBScript contained in an HTML file, the infection mechanism used by QHosts.

AV firms are united in saying the latest Windows menace is spreading slowly, which is just as well. As usual, Mac, Linux, OS/2 and Unix users are immune from infection.

According to McAfee, the purpose of this Trojan is to hijack browser use. When page requests are made, they are rerouted to specified Domain Name Servers. This allows a remote 'administrator' to direct users to the pages of their choosing.

This Trojan is responsible for the strange DNS changes on systems recently reported on NTBUGTRAQ, McAfee believes.

Finnish AV firm F-Secure has noted two variants of the Trojan. An advisory by Symantec provides technical detail on the changes the Trojan makes to infected PCs.

Users are advised to update AV signature definitions so that security tools can block the Trojan in case a user is tricked (using spam or via other mechanisms) into visiting an infected Web site. ®
