Ad hijacking Trojan targets Google

Security researchers have identified a Trojan that hijacks Google text advertisements, replacing them with "ads" from a different provider that are likely to be laced with spyware. The Qhost-WU modifies an infected computer's hosts file, thereby poisoning systems with bogus DNS lookup records. The hosts file matches domain names …

COMMENTS

This topic is closed for new posts.

Need to actively enable hosts?

Surely the simple solution here is for M$ to implement one of the security fixes that would require local host file lookup to be actively enabled?

The vast majority of users don't use it and probably don't even know it's there. Now that it can be exploited in such a way it is a clear security vulnerability, ESPECIALLY given most Windows users have read/write permissions to this file.


@ Bramo: A better answer

Install the hosts file provided by MVPS.ORG - and then set the hosts file to read-only mode.

Or run Linux and laugh at the pathetic attempts to introduce malware onto a secure OS.


Easier way

Simply use Spybot Search & Destroy. Latest version actively locks the hosts file, preventing changes. And there's the added bonus of more security on top of that and active monitoring.

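An added example, not part of the original thread or of any tool named in it: a small Python audit that separates blocklist-style hosts entries (names pointed at loopback or 0.0.0.0, as a blocking hosts file typically does) from entries that send a name to a real address, which is the kind of change the article describes. The sample file, its hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts content. 203.0.113.7 is a documentation address
# (RFC 5737) and every hostname is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style sink entry
127.0.0.1       tracker.example.org
203.0.113.7     adserver.example.com www.adserver.example.com
10.0.0.5        intranet.corp.example  # may be legitimate, still reported
not-an-ip       broken.example
"""

def classify(address):
    """'sink' for loopback/unspecified targets, 'redirect' otherwise, None if not an IP."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    return "sink" if (ip.is_loopback or ip.is_unspecified) else "redirect"

def audit_hosts(text):
    """Group every hostname in hosts-file text by where its entry points."""
    findings = {"sink": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        kind = classify(fields[0])
        if kind is None or len(fields) < 2:
            findings["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:               # one address may carry several names
            findings[kind].append((lineno, name.lower(), fields[0]))
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python audit_hosts.py [path]; with no path the sample is audited.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    result = audit_hosts(text)
    for lineno, name, addr in result["redirect"]:
        print(f"line {lineno}: {name} -> {addr} (points at a real host, review)")
    print(f"{len(result['sink'])} sink entries, {len(result['malformed'])} malformed")
```

Redirect findings are the ones to review by hand; an internal mapping such as the 10.0.0.5 line shows up there too, so the output is a review list rather than a verdict.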
Anonymous Coward

Attack the problem, forget about hosts file

If you have malicious code running on your system, necessary in order to change your hosts file, it's a bit beside the point that your advertisements are being hijacked.

Instead focus on the vulnerability that ALLOWED the hosts file to be changed, and be thankful the code didn't delete your My Documents folder or any number of other more sinister things than merely redirecting advertising.

This is about the least harmful trojan seen recently; mostly Google is raising a stink about "potential" malware sites to try to alarm people, but mainly they're misleading a bit in that their primary concern is just keeping advertising dollars flowing as much as possible.

Paris Hilton

Eh?

Paris Hilton connection?
