On 27 Nov 2004 at 10:04, Paul D. Robertson wrote:
> > 2. Do they pose as legit web sites to unsuspecting
> > users, or hiding in the guise of a famous web site but
> > in fact doing a MITM attack?
>
> That happens too, for instance, recently there's been a spate of
> Windows malware changing hosts file entries to get the site's traffic
> redirected to them, even if the user types the URL in their browser.
Modifying or substituting hosts.txt is common to browser hijacking
spyware and spyware that install RATs. Pestpatrol identifies NetBus
and the "paradise" family among spyware that monkey with hosts files.
Coolwebsearch variants are notorious for this. Merijn's written an
extensive investigation into CWS at
http://www.spywareinfo.com/~merijn/cwschronicles.html
Minor plug. If you're interested in more, visit my spyware
information page at hhi.corecom.com/spyware.htm - nothing to purchase
unless you visit an ad by google:-)
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Dec 03 2004
Intro
