Feeds

Trojan hijacks web browsers

August IE patch may not offer full protection

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

A Trojan that exploits an Internet Explorer vulnerability is capable of allowing attackers to hijack browser behaviour, anti-virus firms warn.

The QHosts (Delude) Trojan can't spread by itself. Users only become infected if they visited a maliciously constructed website containing code which allows the malware to run.

This code used a critical object data vulnerability in Internet Explorer to execute.

More information about this vulnerability, including a (partial) fix, can be found in an advisory from Microsoft, issued back in August.

Some anti-virus vendors reckon that this patch will protect against the exploit. However, McAfee warns that the patch fails to protect against the automatic execution of VBScript contained in an HTML file, the infection mechanism used by QHosts.

AV firms are united in saying the latest Windows menace is low spreading, which is just as well. As usual Mac, Linux, OS/2 and Unix users are immune from infection.

According to McAfee, the purpose of this Trojan is to hijack browser use. When page requests are made, they are rerouted to specified Domain Name Servers. This allows a remote 'administrator' to direct users to the pages of their choosing.

This Trojan is responsible for recent reports of strange DNS changes on systems as recently reported on NTBUGTRAQ, McAfee believes.

Finnish AV firm F-Secure has noted two variants of the Trojan. An advisory by Symantec provides technical detail on the changes the Trojan makes to infected PCs.

Users are advised to update AV signature definitions so that security tools can block the Trojan in case a user is tricked (using spam or via other mechanisms) into visiting an infected Web site. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.