May 23, 2012
Doctor Web, a Russian IT security developer alerts users of Trojan.Hosts.5858 malware to spread out widely and threaten primarily German-speaking users. When victims send a request in their browsers, the Trojan redirects them to a criminal-owned website that forces them to pay to unlock Internet access using a credit card.
First of all, Trojan.Hosts.5858 downloads itself on computers already infected with BackDoor.Andromeda family malware which is capable of downloading executables from malicious sites. Trojan.Hosts.5858 might also be downloaded on an infected computer together with other Trojans, such as Trojan.Spambot.11349 and BackDoor.IRC.Aryan.1.
Once it runs itself in the operating system, Trojan.Hosts.5858 modifies the hosts file located in the Windows system folder and responsible for the translation of website network address into their DNS names. As a result, when trying to visit a popular online resource, such as Facebook, Google, Yahoo, etc., a browser is automatically redirected to a webpage specially created by attackers that displays a message in German that Internet access is blocked. To "unlock" the system, a user is prompted to provide virus writers with its banking card details.
View the article
The New Version of Trojan.Hosts To Extort Money From Foreign Users
Нет ответов в данной теме
Читают тему: 0
0 пользователей, 0 гостей, 0 скрытых