Feeds

Trojan hijacks web browsers

August IE patch may not offer full protection

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

A Trojan that exploits an Internet Explorer vulnerability is capable of allowing attackers to hijack browser behaviour, anti-virus firms warn.

The QHosts (Delude) Trojan can't spread by itself. Users only become infected if they visited a maliciously constructed website containing code which allows the malware to run.

This code used a critical object data vulnerability in Internet Explorer to execute.

More information about this vulnerability, including a (partial) fix, can be found in an advisory from Microsoft, issued back in August.

Some anti-virus vendors reckon that this patch will protect against the exploit. However, McAfee warns that the patch fails to protect against the automatic execution of VBScript contained in an HTML file, the infection mechanism used by QHosts.

AV firms are united in saying the latest Windows menace is low spreading, which is just as well. As usual Mac, Linux, OS/2 and Unix users are immune from infection.

According to McAfee, the purpose of this Trojan is to hijack browser use. When page requests are made, they are rerouted to specified Domain Name Servers. This allows a remote 'administrator' to direct users to the pages of their choosing.

This Trojan is responsible for recent reports of strange DNS changes on systems as recently reported on NTBUGTRAQ, McAfee believes.

Finnish AV firm F-Secure has noted two variants of the Trojan. An advisory by Symantec provides technical detail on the changes the Trojan makes to infected PCs.

Users are advised to update AV signature definitions so that security tools can block the Trojan in case a user is tricked (using spam or via other mechanisms) into visiting an infected Web site. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.