May11
5:57 pm (UTC-7)   |   by Jonathan Leopando (Technical Communications)

yet-more-swine-flu-attacksSpammers know a thing or two about persistence, it seems. CNET reports a new Trojan—TROJ_QHOST.TB—that is the latest to take advantage of fears of swine flu. TROJ_QHOST.TB modifies the HOSTS file of any affected system, which results to the user being redirected to a spoofed banking-related website whenever they attempt to access the real ones. By which, users are placed at risk of getting their banking information stolen and having it used by an unauthorized user.

The attack is pretty similar to earlier ones that have also taken advantage of the swine flu. Spam messages with warnings contain either a link to a malicious website or an attachment to TROJ_QHOST.TB. In turn, the Trojan modifies the system’s HOSTS file to redirect users of certain Mexican banks to a specific IP address.

Fortunately, however, the said IP address doesn’t work anymore. However, there’s nothing that stops future variants—or other Trojans—from using the same lure. Users should consider themselves warned.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Monday, May 11th, 2009 at 5:57 pm and is filed under Security . You can leave a response, or trackback from your own site.



6 Responses to “Yet More Swine Flu Attacks”

Trackbacks

  1. TrendMicro (TrendMicro)
  2. kevinlcc (Kevin Lloyd)
  3. cybasurfa (cybasurfa)
  4. swineflu4you (swine flu)
  5. Influenza AH1N1 elevó a las nubes cantidad de spam | Netmedia.info
  6. Fake Presidential Swine Flu Stories Lead to Malware

Leave a Reply


Fake Antivirus Targets Brazil
Cybercriminals Launch Tainted Windows 7 RC


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice