Malware which comes with its own "hosts" file to install in \system32\drivers\etc\hosts is pretty common. Usually, these changes are made with the intention to keep the infected system from updating its virus pattern files and OS patches - eg. by adding an entry that makes "update.microsoft.com" resolve to 127.0.0.1 (localhost), and hence prevents the updater from connecting. A malware sample that we analyzed earlier today pulled a hosts file from txt<dot>kxwii<dot>com/ad.jpg. The file contains 200 or so domains that are reconfigured to point to 127.0.0.1 ... but, surprisingly, not domains of commercial software. Rather, it looks like a turf war is in progress between malwares, and this particular species tries to null out the connections of the competition. Now if only they could find a way to fight each other directly, without involving us bystanders at all :).
|
Daniel 375 Posts ISC Handler Feb 23rd 2009 |
Thread locked Subscribe |
Feb 23rd 2009 1 decade ago |
Or we could all install a piece of malware from each 'gang' and we should end up protected against all of them...
|
Anonymous |
Quote |
Feb 24th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!