The new trojan replaces of search inquiries

Posted: January 16, 2013 in IT Security News
Tags: , ,

Vulnerability

The new trojan

The most active Trojan spreads in the U.S. state of Kansas. The company Dr. Web found a new malicious program that replaces the search queries. In addition, the Trojan also redirect users to malicious sites.

Once the virus gets on your computer, it creates a copy of itself in the folder% APPDATA% and making some changes to that part of the registry of Windows, which is responsible for the startup applications. Later the Trojans built into all running processes.

“If the Trojan to penetrate a browser process to Microsoft Internet Explorer, Mozilla Firefox, Maxton, Chrome, Safari, Mozilla, Opera, Netscape and Avant, it intercepts function WSPSend, WSPRecv and WSPCloseSocket”, – stated in the notice of experts from Dr. Web .

Trojan is capable of generating up to 20 domain names management servers to which he consistently refers encrypted during transmission request. If a user who was a victim of the trojan tries to search through the popular search engines (google.com, bing.com, yahoo.com, ask.com, search.aol.com, search.icq.com, search.xxx, www. wiki.com, alexa.com or yandex.com), then the input request is sent to the management server. The Trojan then gets a configuration file with a list of URLs, which will be forwarded to the browser and the user has issued the malicious Internet resources.

The experts were able to establish that the most extensive Trojan spreads in the U.S., particularly in the state of Kansas.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s