CDROM-Guide forums

Go Back   CDROM-Guide forums > Main Forums > Open to All Computer Related Topics > Computer Networking & Security
FAQ Calendar Mark Forums Read
Open   CSec   Data   DevDrv   CoOp   Audio   CDRW   CDG   VCD   DVD   HD DVD   Mac   VGB   PS2   DC   Xbox  

Thread Tools Display Modes
Old Oct 08, 2003, 01:47 AM
backup2k1 backup2k1 is offline
Join Date: Apr 2001
Location: england,east sussex,canada
Posts: 1,741
Default Qhost Trojan watch out its abouts

sponsored links
hi watch out there a new program around that lets you get round any security on a pc

Faulty Patch Leaves IE Open to Attack

An incomplete patch has opened the door to the widespread exploitation of a vulnerability in Internet Explorer, and security experts say that there are at least four different methods being used by attackers to compromise vulnerable PCs.

Most recently, experts identified a new Trojan, known as Qhost-1, that has been discovered on a number of machines. However, the intent and possible uses of the program are somewhat unclear at this point. Qhost appears to change some of the DNS settings on infected machines and adds a couple of entries to the registry, but doesn't seem to take any other immediate actions.


What is clear, however, is that the patch issued by Microsoft Corp. in August to fix a pair of flaws in IE does not completely solve the problem.

"There's been a lot of confusion about the patch. It only addresses part of the issue within the vulnerability so it's open to other attacks," said Ken Dunham, malicious code intelligence manager at iDefense Inc., based in Reston, Va. "There's no protection against it. This is a massive problem."

The vulnerability itself is related to the way that IE handles HTML application files embedded in object tags. In order to exploit the weakness, an attacker would need only to entice a user to open a malicious e-mail or visit a Web site, where a Trojan or other malicious code could be automatically installed on the user's PC.

Of the three ways that a problematic HTML page needed to exploit this vulnerability can be created, the patch only prevents one from working, according to officials at the CERT Coordination Center in Pittsburgh. Several workarounds have been suggested, including disabling ActiveX controls in IE. Although, there are some reports that even this is not completely effective.

"A fully patched IE system is vulnerable to this," said Art Manion, Internet security ****yst at CERT. Manion said that editing the registry to delete a key related to the problem seems to be the most effective method of preventing exploitation, he said. The key that needs to be renamed or deleted is: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\ Content Type\application/hta.

In addition to the Qhost Trojan, Manion has seen another Trojan that exploits this vulnerability to steal users' AOL Instant Messenger passwords. There is also an exploit that installs a dialing program that calls out to an overseas toll number, and a fourth tool that installs an old back door program.

IE is the only browser vulnerable to this specific exploit, so users could also avoid infection by switching to an alternate browser, such as Netscape Navigator or Opera.

"If we don't see a [revised] patch come out soon, you'll definitely see people migrating to alternate browser," said Dunham. "If you're not worried, you should be."

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Newbie needs help with Trojan Glide Computer Networking & Security 20 Mar 11, 2012 03:48 AM
Trojan ,must read this goone Computer Networking & Security 0 Dec 14, 2003 07:19 AM
Is the Trojan gone meek_imp Computer Networking & Security 2 Aug 23, 2002 06:32 PM
help needed finding trojan peter_uk Computer Networking & Security 4 Aug 22, 2002 11:58 AM
trojan?? 420 Open to All Computer Related Topics 2 May 20, 2002 02:45 PM

All times are GMT -5. The time now is 06:23 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright © 1996-2009 All rights reserved