News: Beware QHosts

By | October 4, 2003
 All you need to do to be infected by this virus is visit the homepage of Web hosting provider FortuneCity.com. CNET reports that a malicious program, dubbed QHosts, infects PCs using a recent flaw in Microsoft’s Internet Explorer to take control of how computers look up Internet addresses. The program takes advantage of a critical flaw in Internet Explorer , which Microsoft has made an integral part of its Windows operating system. The Trojan horse used a banner ad that the attacker somehow placed there to install the Trojan horse on the user’s PC.
 
The QHosts program then changes the Internet addresses of the computers the infected PC will go to to resolve unknown Web sites and domain names. Known as the domain name service (DNS) servers, such computers are generally operated by a trusted organization, such as an Internet service provider. However, QHosts will send the requests to other servers, which Schmugar believes are likely to be owned by the originator of the Trojan horse.
 
This raises a few troubling questions, such as: How did the banner ad get there? And what is the purpose of the trojan? Is it just malicious or is it commercially related? We should be told.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.