Phishing HOSTS file attack,
Removing the Windows XP and Win2k hosts file


Trojans and spyware are now modifying the HOSTS file on your computer to redirect you to fake web pages, making you a victim of a phishing attack.


Do not follow the advice of the Anti-Phishing Working Group (APWG), which tells you to trust your bank's page after typing the address directly into the Internet Explorer address field (URL)!



Even if you type the exact address of your personal bank directly into the Internet Explorer URL field, you may be sent to a phisher's copy of the bank page, where your banking account information will be phished and your money stolen!

By spamming millions of emails to Outlook users, the phisher reaches a large audience that is vulnerable to ActiveX scripts. You don't even have to open the email! Just clicking the email to delete it, with the default preview turned on in Outlook or Outlook Express, runs a script that installs a Trojan horse, which then modifies the HOSTS file.

Once again, if you follow the advice of the APWG and type directly into the browser address line without having control over your hosts file, you may be the next victim of phishing!

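What is the HOSTS file? (an easy-to-understand explanation)
The HOSTS file is a fast lookup table of domain name to IP address translations stored on your computer, so your browser can find the web page you want faster, without a query to a DNS server. Because it is consulted before DNS, an entry placed there by a Trojan silently redirects the name it lists.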

 

First hosts phishing attacks already hit Brazil,
UK and US next?


JS/QHosts21-A is a Trojan horse phishing attack that you pick up just by clicking an email, and that modifies your HOSTS file to send you to a bogus duplicate of your bank's web site. All you have to do is log in, and the phishers get your account information.

Until now this type of phishing attack has been seen in very low numbers in the wild, and it is currently targeting banks only in Brazil. Although this version is a simple one, many security experts expect it -- and other, more advanced threats -- to wash up on U.S. shores soon.

"Brazilian hackers have been creating an army of Trojans designed to wait until you visit the real, bona fide banking Web site." Once you visit a banking site, these Trojan horses spring into action. They launch a keylogger that captures your user name and password, and they also collect screen shots of the activity on your PC.

"In other words, no bogus Web site needs to be created at all (less hassle for the hackers, and less chance of there being clues in the creation of the bogus Web site), and they rely on users doing exactly what we tell them to do -- visit the real, legitimate Web site," says Graham Cluley, a senior technology consultant with Sophos antivirus.

How to delete the hosts file when it reappears and you can't delete it


Deleting the hosts file: easy and fast? It should be simple! Wrong!

If you have a problem with "my hosts file keeps changing" or can't delete your hosts file, there is a good chance you have a Trojan on your computer. Usually the hosts file reappears because a Trojan horse is constantly rebuilding it. Fighting to delete the hosts file is in vain if you don't get rid of the Trojan first.

The way to remove these depends on each type of virus or spyware. You can find some ways to manually remove some Trojans here: spyware-removal.com

Other than that, you need an anti-spyware or antivirus program that works against Trojan horses.

How to avoid HOSTS phishing


A way to reduce the risk of HOSTS phishing is to write protect your HOSTS file. This can be done manually by right clicking your hosts file and selecting write protect. However, it won't be enough, because write protection can be changed programmatically. You can get a number of utilities that will tell you when the hosts file has been modified, or possibly even warn you when a program is trying to modify it. The best advice would be to keep your antivirus and anti-spyware up to date.

Keep your Windows security updated and on high settings to avoid ActiveX script vulnerabilities.
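
A minimal version of the kind of check such a utility performs, as an added example (not part of the original page and not the code of any named product): the Python below parses hosts-file text, reports every entry that overrides DNS for a watched domain, and fingerprints the content for comparison with a known-good copy. The sample file, the domain examplebank.test and all function names are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample: hosts-file content with one appended redirect line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.45    www.examplebank.test examplebank.test   # appended entry
0.0.0.0         ads.tracker.test
"""

# Hypothetical watch list: domains that should only ever resolve through DNS.
WATCHED = {"examplebank.test"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, str(ip), name.lower().rstrip(".")


def suspicious_entries(text, watched=WATCHED):
    """Return every mapping that overrides DNS for a watched domain."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((line_no, ip, name))
    return hits


def fingerprint(text):
    """SHA-256 of the content, to compare with a stored known-good value."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} overrides DNS")
    print("sha256:", fingerprint(SAMPLE_HOSTS))
```

On Windows XP and Windows 2000 the text to pass in is the content of %SystemRoot%\system32\drivers\etc\hosts.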

For more information about spyware visit spyware-removal.com. This gives good information on how to manually remove spyware. You can also find a free scan of your computer and a free downloadable trial version of Spysweeper.com here.

 
