New QHost Trojan Horse Virus Hidden In Banner Ads - GoFuckYourself.com

KRL · 10-03-2003, 01:42 PM

Trojan Horse Bedevils Explorer Users

A new attack has been launched against Microsoft's Internet Explorer, this time in the form of a Trojan horse that hijacks the browser so that Web requests are redirected to a server chosen by the hacker. Security experts see the so-called "Qhost Trojan," which started appearing Wednesday, more as an annoyance than a serious threat, but it can cause problems for the vast number of Windows users.

Symptoms of attack include inability to connect to Web sites -- particularly inside a corporate network -- and misdirection to incorrect URLs when users attempt to reach popular search sites.

Search Engines Targeted

The attack involves a banner ad hosted by the Web address FortuneCity.com, which appears on the browser and then inserts a number of pop-up ads. That site has been taken down, but launches from other malicious sites are possible, security firm TruSecure said.

Qhost is unable to spread. In essence, it hijacks the user's domain-name server, exploiting a flaw discovered in the Explorer browser.

Explorer users attempting to access search engines, such as Google, Lycos or Yahoo (Nasdaq: YHOO - news), had their requests redirected by Qhost to the hacker's site, creating confusion and Internet-traffic slowdowns. "This is an example of a relatively benign attack, but one that does compromise the user's privacy," Russ Cooper of TruSecure told NewsFactor. Affected Explorer users are exposed to pop-up ads for pornography and gambling sites, he noted.

Also, he said, Qhost is causing a significant slowdown in the time it takes users to reach a requested Web site. "It doesn't erase files or cause any significant damage, at this point, but it could potentially enable hackers to install malicious code on a system without the user's knowledge," Cooper noted.

Targeting Windows

Hackers are drawn to Explorer and Windows-based computers, in general, because the chance of finding a vulnerable machine is much greater, given the millions of Microsoft customers, says Yankee Group analyst Eric Ogren.

A Trojan horse attack, such as Qhost, is particularly nefarious, he told NewsFactor, because it is so deceptive. It can enable hackers to put whatever type of malicious code they desire on a system without the user's knowledge.

Microsoft has yet to offer a patch for this vulnerability, which, contrary to some reports, is not addressed by the company's recent patches for Explorer holes. As with other attacks, security experts strongly advise users to update their antivirus signatures and install a personal firewall.

Qhost is the latest exploitation of Explorer vulnerabilities initially identified in August. In another recent attack, hackers used Web-page links and pop-up ads to grab control of instant-messaging accounts and insert malicious code that caused computers with dial-up Internet connections to call "900" phone numbers, which charge fees per call.

Mr.Fiction · 10-03-2003, 01:44 PM

Hopefully MS will release a patch to protect people's hosts file.

There have been some adult sites hijacking hosts files for quite a while now. Just do a search on GFY.

bigdog · 10-03-2003, 03:10 PM

is this some activex hack?

Keev · 10-03-2003, 03:43 PM

http://gofuckyourself.com/showthread...hreadid=182265

10-03-2003, 01:42 PM	#1
KRL Entrepreneur Join Date: Oct 2002 Location: USA Posts: 31,429	New QHost Trojan Horse Virus Hidden In Banner Ads Trojan Horse Bedevils Explorer Users A new attack has been launched against Microsoft's Internet Explorer, this time in the form of a Trojan horse that hijacks the browser so that Web requests are redirected to a server chosen by the hacker. Security experts see the so-called "Qhost Trojan," which started appearing Wednesday, more as an annoyance than a serious threat, but it can cause problems for the vast number of Windows users. Symptoms of attack include inability to connect to Web sites -- particularly inside a corporate network -- and misdirection to incorrect URLs when users attempt to reach popular search sites. Search Engines Targeted The attack involves a banner ad hosted by the Web address FortuneCity.com, which appears on the browser and then inserts a number of pop-up ads. That site has been taken down, but launches from other malicious sites are possible, security firm TruSecure said. Qhost is unable to spread. In essence, it hijacks the user's domain-name server, exploiting a flaw discovered in the Explorer browser. Explorer users attempting to access search engines, such as Google, Lycos or Yahoo (Nasdaq: YHOO - news), had their requests redirected by Qhost to the hacker's site, creating confusion and Internet-traffic slowdowns. "This is an example of a relatively benign attack, but one that does compromise the user's privacy," Russ Cooper of TruSecure told NewsFactor. Affected Explorer users are exposed to pop-up ads for pornography and gambling sites, he noted. Also, he said, Qhost is causing a significant slowdown in the time it takes users to reach a requested Web site. "It doesn't erase files or cause any significant damage, at this point, but it could potentially enable hackers to install malicious code on a system without the user's knowledge," Cooper noted. Targeting Windows Hackers are drawn to Explorer and Windows-based computers, in general, because the chance of finding a vulnerable machine is much greater, given the millions of Microsoft customers, says Yankee Group analyst Eric Ogren. A Trojan horse attack, such as Qhost, is particularly nefarious, he told NewsFactor, because it is so deceptive. It can enable hackers to put whatever type of malicious code they desire on a system without the user's knowledge. Microsoft has yet to offer a patch for this vulnerability, which, contrary to some reports, is not addressed by the company's recent patches for Explorer holes. As with other attacks, security experts strongly advise users to update their antivirus signatures and install a personal firewall. Qhost is the latest exploitation of Explorer vulnerabilities initially identified in August. In another recent attack, hackers used Web-page links and pop-up ads to grab control of instant-messaging accounts and insert malicious code that caused computers with dial-up Internet connections to call "900" phone numbers, which charge fees per call. __________________ If you would like to develop your domains, you can lease inexpensive foreign labor from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION! * * * * * * * * * * * * Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

10-03-2003, 03:43 PM	#4
Keev Confirmed User Join Date: May 2001 Posts: 5,335	http://gofuckyourself.com/showthread...hreadid=182265 __________________ ReliableServers.com - NO REF LINK!

10-03-2003, 01:44 PM	#2
Mr.Fiction Confirmed User Join Date: Feb 2002 Location: Free Speech Land Posts: 9,484	Hopefully MS will release a patch to protect people's hosts file. There have been some adult sites hijacking hosts files for quite a while now. Just do a search on GFY.

10-03-2003, 03:10 PM	#3
bigdog Confirmed User Join Date: Jul 2001 Posts: 6,964	is this some activex hack?