GoFuckYourself.com - Adult Webmaster Forum - New QHost Trojan Horse Virus Hidden In Banner Ads

Trojan Horse Bedevils Explorer Users

A new attack has been launched against Microsoft's Internet Explorer, this time in the form of a Trojan horse that hijacks the browser so that Web requests are redirected to a server chosen by the hacker. Security experts see the so-called "Qhost Trojan," which started appearing Wednesday, more as an annoyance than a serious threat, but it can cause problems for the vast number of Windows users.

Symptoms of attack include inability to connect to Web sites -- particularly inside a corporate network -- and misdirection to incorrect URLs when users attempt to reach popular search sites.

Search Engines Targeted

The attack involves a banner ad hosted by the Web address FortuneCity.com, which appears on the browser and then inserts a number of pop-up ads. That site has been taken down, but launches from other malicious sites are possible, security firm TruSecure said.

Qhost is unable to spread. In essence, it hijacks the user's domain-name server, exploiting a flaw discovered in the Explorer browser.

Explorer users attempting to access search engines, such as Google, Lycos or Yahoo (Nasdaq: YHOO - news), had their requests redirected by Qhost to the hacker's site, creating confusion and Internet-traffic slowdowns. "This is an example of a relatively benign attack, but one that does compromise the user's privacy," Russ Cooper of TruSecure told NewsFactor. Affected Explorer users are exposed to pop-up ads for pornography and gambling sites, he noted.

Also, he said, Qhost is causing a significant slowdown in the time it takes users to reach a requested Web site. "It doesn't erase files or cause any significant damage, at this point, but it could potentially enable hackers to install malicious code on a system without the user's knowledge," Cooper noted.

Targeting Windows

Hackers are drawn to Explorer and Windows-based computers, in general, because the chance of finding a vulnerable machine is much greater, given the millions of Microsoft customers, says Yankee Group analyst Eric Ogren.

A Trojan horse attack, such as Qhost, is particularly nefarious, he told NewsFactor, because it is so deceptive. It can enable hackers to put whatever type of malicious code they desire on a system without the user's knowledge.

Microsoft has yet to offer a patch for this vulnerability, which, contrary to some reports, is not addressed by the company's recent patches for Explorer holes. As with other attacks, security experts strongly advise users to update their antivirus signatures and install a personal firewall.

Qhost is the latest exploitation of Explorer vulnerabilities initially identified in August. In another recent attack, hackers used Web-page links and pop-up ads to grab control of instant-messaging accounts and insert malicious code that caused computers with dial-up Internet connections to call "900" phone numbers, which charge fees per call.