It seems that creators of rogue security products earn huge sums of money. There are various methods rogue software programs rely on to trick infected users and persuade them to buy their programs. To illustrate this case, let’s take a look at a new rogue anti-spyware program, Anti-virus-1.
After the installation of Anti-virus-1, the following entries were detected in the Windows hosts file:
Once these entries are added to your HOSTS file, any attempt to visit one of the affected review sites is redirected to Anti-virus-1 without your knowledge. This works because Windows consults the hosts file before it queries DNS, so the planted address is used instead of the site's real one.
Professional reviews on legitimate, popular sites persuade computer users that a product is of high quality and lead them to purchase it. Anti-virus-1 advertises itself in the same way. It even goes to the extent of modifying the HOSTS file in order to redirect the user to false review pages presented as coming from CNET, PC Magazine, TechRadar, Reevoo and ZDNet. The resources listed below include a page on how hosts files are modified.
Anti-virus-1 uses fake security alerts, a screen saver that shows a blue screen crash followed by a fake reboot, Internet Explorer hijacks, and finally fake product review sites in order to lure victims in. It really comes as no surprise that so many people are tricked into purchasing these types of software.
In terms of computer security, phishing is an illegal, fraudulent process that involves the attempt to obtain sensitive information, such as usernames, passwords and credit card details, by pretending to be a trustworthy entity. The hosts file redirection described above has similar attributes to phishing. Phishing is carried out by e-mail or instant messaging and often directs users to enter private financial details on a false website that looks the same as the legitimate one.
The hosts file can be used for malicious purposes. Adware, computer viruses, trojan horses and similar malware are able to edit the hosts file to redirect traffic from a legitimate “secure” site like Wikipedia to illegitimate sites hosting content that is dangerous to the user’s computer system. Are you sure that you are using the legitimate site and your sensitive data is safe?
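One way to check a hosts file for the pattern described above, a single outside address answering for several unrelated sites, is sketched below. This is an added example, not code from the original article; the sample file, its hostnames and the 203.0.113.10 address are constructed, and `site_key` is a rough heuristic introduced here for illustration.

```python
import ipaddress
from collections import defaultdict

# RFC 1918 ranges, listed explicitly because ip.is_private would also match
# the documentation-range address used in the constructed sample below.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample hosts file; every name and address here is made up.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.tracker.example     # sinkholed by an ad blocker
192.168.1.20   nas.home.example
203.0.113.10   reviews.site-a.example www.reviews.site-a.example
203.0.113.10   reviews.site-b.example
203.0.113.10   a1.review.site-c.example   # trailing comment
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def site_key(hostname):
    """Last two labels as a rough site identity (assumption: a real tool
    would use the Public Suffix List so that e.g. co.uk names stay distinct)."""
    return ".".join(hostname.split(".")[-2:])

def audit_hosts(text, min_sites=2):
    """Return {ip: sorted hostnames} for non-local IPs that at least
    min_sites unrelated sites have been pinned to."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        local = (ip.is_loopback or ip.is_unspecified
                 or any(ip in net for net in LAN_NETS))
        if not local:
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len({site_key(n) for n in names}) >= min_sites}
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`; any address the function reports deserves a manual look, since legitimate software rarely pins several public sites to one IP.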
Resources:
Anti-virus-1: a new rogue anti-spyware program
Understanding Phishing
Modifying hosts file