Security researchers have identified a Trojan that hijacks Google text advertisements, replacing them with "ads" from a different provider that are likely to be laced with spyware. The Qhost-WU modifies an infected computer's hosts file, thereby poisoning systems with bogus DNS lookup records. The hosts file matches domain names …
Need to actively enable hosts?
Surely the simple solution here is for M$ to implement one of the security fixes that would require local host file lookup to be actively enabled?
The vast majority of users don't use it and probably don't even know its there. Now that it can be exploited in such a way it is a clear security vulnerability, ESPECIALLY given most windows users have read/write permissions to this file.
@ Bramo: A better answer
Install the hosts file provided by MVPS.ORG - and then set the hosts file to read-only mode.
Or run Linux and laugh at the pathetic attempts to introduce malware onto a secure OS.
Simply use Spybot Search & Destroy. Latest version actively locks the hosts file, preventing changes. And there's the added bonus of more security on top of that and active monitoring.
Attack the problem, forget about hosts file
If you have malicious code running on your system, necessary in order to change your hosts file, it's a bit beside the point that your advertisments are being hijacked.
Instead focus on the vulnerability that ALLOWED the hosts file to be changed, and be thankful the code didn't delete your My Documents folder or any number of other more sinister things than merely redirecting advertising.
This is about the least harmful trojan seen recently, mostly Google is raising a stink about "potential" malware sites to try to alarm people but mainly they're misleading a bit in that their primary concern is just keeping advertising dollars flowing as much as possible.
Paris Hilton connection?
- NASA boffin: RIDDLE of odd BULGE FOUND on MOON is SOLVED
- Pic Mars rover 2020: Oxygen generation and 6 more amazing experiments
- Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
- Plug and PREY: Hackers reprogram USB drives to silently infect PCs
- Boffins spot weirder quantum capers as neutrons take the high road, spin takes the low