Spammers know a thing or two about persistence, it seems. CNET reports a new Trojan—TROJ_QHOST.TB—that is the latest to take advantage of fears of swine flu. TROJ_QHOST.TB modifies the HOSTS file of any affected system, which results to the user being redirected to a spoofed banking-related website whenever they attempt to access the real ones. By which, users are placed at risk of getting their banking information stolen and having it used by an unauthorized user.
The attack is pretty similar to earlier ones that have also taken advantage of the swine flu. Spam messages with warnings contain either a link to a malicious website or an attachment to TROJ_QHOST.TB. In turn, the Trojan modifies the system’s HOSTS file to redirect users of certain Mexican banks to a specific IP address.
Fortunately, however, the said IP address doesn’t work anymore. However, there’s nothing that stops future variants—or other Trojans—from using the same lure. Users should consider themselves warned.