TrojanClicker.Win32.QHost
Details
TrojanClicker.Win32.QHost.a
TrojanClicker.Win32.Qhost is a family of Trojan horses that primarily replace or alter the HOSTS file in which corresponding IP addresses and names of remote computers are held. Usually this leads to an increase in incoming traffic to the sites. To accomplish this a rule is used for expanding file names in TCP/IP: first the HOSTS file is examined and if there is no correspondence found, names are converted so that network services permit the name (more details can be found in operating system documentation).
Once the Trojan program is run, it modifies the HOSTS file by writing to it false correspondences such as:
645238813 auto.search.msn.com
38.117.144.29 www.altavista.com
This is done so that when handled by the msn.com and altavista.com servers the operating system detects a corresponding entry in the HOSTS file and sends a request to the 38.117.144.29. IP address.
The Trojan mainly uses high traffic and well-known Internet sites in order that the stream of requests to the false IP address is as great as possible.
Evildoers may be seeking to:
organize a DoS (denial of service) attack on a server
increase traffic to his or her site in order to increase advertising value
attract potential virus victims
Related Posts