Author Topic: Virus can alter your host file  (Read 3305 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33756
  • malware fighter
Virus can alter your host file
« on: May 31, 2005, 03:19:52 PM »
Hello forum-friends,

Viruses like Mytob can alter your host file and associate the local host address 127.0.0.1 next to the AV company's URL. Should you find yourself unable for obtaining the latest anti-virus definitions, rename the old hostfile as HostsOld, delete the wrong hosts of the file, and save the edited file as hosts. Always a good thing to write down the chencksums of your hostfile to check later. Scam artists can also alter your hostfile. Fore-warned is fore-armed,

greetings,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

kamulko

  • Guest
Re: Virus can alter your host file
« Reply #1 on: May 31, 2005, 09:26:46 PM »
This MyTob has over 100 variants (today)... Today I've found this notice on a newspaper:"Europeans computers are over 60% like zombies-pc!"...  :o

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33756
  • malware fighter
Re: Virus can alter your host file
« Reply #2 on: May 31, 2005, 11:18:23 PM »
Hi Kamulko,

Mytob authors are very busy people, like you said there now is a generic detecting of over 100 variants of Mytob. Authors modify the source code and release new variants, some can be missed by scanning. Some are repackaged versions, the bot functionality is equal to the Sdbot family. Some newer Mytob iclude FU Rootkit, seeding of the files packed using UPX 49 KB in size, approx. 98 KB in size can be identified by hash or size, but the individual samples can not, because of the garbage at the end of the executable. When attachment is run the virus copies itself as wfdmgr.exe in stead of msnmsgr.exe in  C:\windows\system32 and creates registry keys to load file at start up. A nasty virus spreading by e-mail or via the LSASS vulnerability,

greetings,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!