The Trojan is spreading most actively in the U.S. state of Kansas. The company Dr. Web has found a new malicious program that replaces search queries. In addition, the Trojan redirects users to malicious sites.
Once the virus gets onto a computer, it creates a copy of itself in the %APPDATA% folder and makes changes to the part of the Windows registry that is responsible for application startup. The Trojan then embeds itself into all running processes.
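The persistence described above can be triaged by listing autostart entries whose program lives under %APPDATA%. The following is an added example, not code from Dr. Web or from the original article: it parses `reg query` text output, and it assumes the per-user Run key as the autostart location (the article does not name the key); the sample output, user name and file names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query` output for the per-user Run key (sample data, not from the article).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_EXPAND_SZ    %APPDATA%\updsvc.exe
    Helper    REG_SZ    "C:\Users\alice\AppData\Roaming\helper\h.exe" -q
    Audio    REG_SZ    C:\Program Files\Vendor\audio.exe -s
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

def expand(data, env):
    """Expand %VAR% references case-insensitively using the supplied environment."""
    upper = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: upper.get(m.group(1).upper(), m.group(0)), data)

def executable(command):
    """Return the program path from a command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def flag_appdata_autoruns(reg_output, env):
    """Return (key, value name, path) for autoruns whose program is under %APPDATA%."""
    root = PureWindowsPath(env["APPDATA"])
    key, hits = None, []
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        # PureWindowsPath compares case-insensitively, as Windows does.
        path = PureWindowsPath(executable(expand(m["data"], env)))
        if root == path or root in path.parents:
            hits.append((key, m["name"], str(path)))
    return hits

if __name__ == "__main__":
    env = {"APPDATA": r"C:\Users\alice\AppData\Roaming"}  # constructed environment
    for hit in flag_appdata_autoruns(SAMPLE, env):
        print(hit)
```

A hit is a lead for review, not a verdict: legitimate software also starts from %APPDATA%, so each flagged file still needs to be checked against known-good installs.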
“If the Trojan penetrates a browser process of Microsoft Internet Explorer, Mozilla Firefox, Maxthon, Chrome, Safari, Mozilla, Opera, Netscape or Avant, it intercepts the functions WSPSend, WSPRecv and WSPCloseSocket,” experts from Dr. Web stated in the notice.
The Trojan is capable of generating up to 20 domain names of control servers, which it contacts in sequence, sending a request that is encrypted during transmission. If a user who has fallen victim to the Trojan tries to search through the popular search engines (google.com, bing.com, yahoo.com, ask.com, search.aol.com, search.icq.com, search.xxx, www.wiki.com, alexa.com or yandex.com), the entered query is sent to the control server. The Trojan then receives a configuration file with a list of URLs to which the browser will be redirected, and the user is served the malicious Internet resources.
The experts were able to establish that the Trojan is spreading most widely in the U.S., particularly in the state of Kansas.