
is this a hoax or real virus alert?

i read this on hot-deals.org and i couldn't find info on it anywhere else. is it a hoax?


Important Virus Warning: No one seems to have picked up on this yet, not Norton, not any news agencies, no one. So you saw it here first (Feb 23 6:30am est). This "virus" is probably one of the worst I've seen in a LONG time. Somehow, an application can get on your system, probably through a harmless looking email saying that you just received an Electronic Greeting Card, that can rewrite your HOSTS file on your Windows PC. It took me nearly 4 hours of monitoring system files and data packets for me to completely remove and track down those responsible for this virus. Here's how it works:

A user receives a friendly-looking email, such as a greeting card is waiting at a URL.
A user hits the URL with IE, which runs an impressive script. I believe the script writes a tiny DLL in the user's Internet Explorer directory, but I'm not 100% certain on that. However it does rewrite the user's sacred hosts file within the Windows system folder. The hosts file contains hundreds of popular website names, redirecting the user to a third-party. Popular websites include Yahoo, Google, and even money-exchange websites such as PayPal and C2It.
Using any browser, the end-user types in www.yahoo.com or www.paypal.com or some URL that is matched with a new entry in the user's hosts file, and their HTTP requests are redirected to 64.154.222.199. That website is programmed to read a browser's intended destination URL (such as www.yahoo.com), then it tells the end-user's browser to call the real intended website along with a hidden frame. The end-user would have no idea that their entire web request was initially established via a malicious-intent third-party, especially since the main frame does contain the real website. To the end-user, it would appear that the intended URL is called successfully with nothing out of the ordinary.
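
The hosts-file rewrite described in the warning above can be checked for directly. The following is an added example, not part of the original post: it parses hosts-file text and reports any public IP address that several hostnames have been pointed at. The sample content is constructed (it reuses the redirect address quoted in the warning), and the threshold of three names is an assumption of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file (not captured from a real infection); the
# redirect address is the one quoted in the warning above.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
64.154.222.199  www.yahoo.com yahoo.com
64.154.222.199  www.google.com   # trailing comment
64.154.222.199  www.paypal.com
0.0.0.0         ads.example.net
10.0.0.5        fileserver.corp.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def suspicious_entries(text, min_names=3):
    """Return {ip: [names]} for public addresses that several names point at.

    Loopback/unspecified (ad-blocking) and private (intranet) addresses are
    ignored; the threshold of 3 names is an assumption of this example.
    """
    by_addr = defaultdict(list)
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified or addr.is_private:
            continue
        by_addr[str(addr)].append(name)
    return {ip: names for ip, names in by_addr.items() if len(names) >= min_names}

if __name__ == "__main__":
    for ip, names in suspicious_entries(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} names redirected, e.g. {', '.join(names[:3])}")
```
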
 
Hmmm... Interesting. I am sure everyone here is about to ping that IP 🙂
 
Well, it doesn't *look* like a hoax. They're not giving you some weirdo fix, so it could be real. Without more info, though, it's hard to say.
 
It looks real enough, so I'd almost be inclined to believe it, but then it's not something I'm going to forward to the 100's of people in my address book either.
 


<< but then it's not something I'm going to forward to the 100's of people in my address book either. >>


More people should be like you 🙂
 