Internet threat level: 1
Home→Descriptions→Trojan.Win32.Qhost.gl
Trojan.Win32.Qhost.gl
| Detected | Apr 20 2006 15:49 GMT |
| Released | Apr 20 2006 15:49 GMT |
| Published | May 11 2006 16:04 GMT |
Technical Details
This Trojan is a modified Windows %System%\drivers\etc\hosts file, which is used to translate domain names (DNS) to IP addresses. The file is modified in such a way as to prevent the user from viewing the sites listed below.
The following strings are added to the hosts file.
# DO NOT REMOVE IT !
127.0.0.1 nwolb.com
127.0.0.1 hsbc.co.uk
127.0.0.1 www.hsbc.co.uk
127.0.0.1 abbey.com
127.0.0.1 www.abbey.com
127.0.0.1 www.abbey.co.uk
127.0.0.1 abbey.co.uk
127.0.0.1 cahoot.com
127.0.0.1 www.cahoot.com
127.0.0.1 www.cahoot.co.uk
127.0.0.1 cahoot.co.uk
127.0.0.1 www.co-operativebank.co.uk
127.0.0.1 co-operativebank.co.uk
127.0.0.1 www.co-operativebank.com
127.0.0.1 co-operativebank.com
127.0.0.1 welcome2.co-operativebankonline.co.uk
127.0.0.1 welcome6.co-operativebankonline.co.uk
127.0.0.1 welcome8.co-operativebankonline.co.uk
127.0.0.1 welcome10.co-operativebankonline.co.uk
127.0.0.1 www.smile.co.uk
127.0.0.1 smile.co.uk
127.0.0.1 www.cajamar.es
127.0.0.1 cajamar.es
127.0.0.1 www.cajamar.com
127.0.0.1 cajamar.com
127.0.0.1 www.unicaja.es
127.0.0.1 unicaja.es
127.0.0.1 www.unicaja.com
127.0.0.1 unicaja.com
127.0.0.1 www.caixagalicia.es
127.0.0.1 caixagalicia.es
127.0.0.1 www.caixagalicia.com
127.0.0.1 caixagalicia.com
127.0.0.1 activa.caixagalicia.es
127.0.0.1 www.caixapenedes.es
127.0.0.1 caixapenedes.es
127.0.0.1 www.caixapenedes.com
127.0.0.1 caixapenedes.com
127.0.0.1 bancae.caixapenedes.com
127.0.0.1 www.caixasabadell.es
127.0.0.1 caixasabadell.es
127.0.0.1 www.caixasabadell.net
127.0.0.1 caixasabadell.net
127.0.0.1 www.cajamadrid.es
127.0.0.1 cajamadrid.es
127.0.0.1 www.cajamadrid.com
127.0.0.1 cajamadrid.com
127.0.0.1 oi.cajamadrid.es
127.0.0.1 www.ccm.es
127.0.0.1 ccm.es
127.0.0.1 www.haspa.de
127.0.0.1 haspa.de
127.0.0.1 ssl2.haspa.de
127.0.0.1 www.dresdner-bank.de
127.0.0.1 dresdner-bank.de
127.0.0.1 www.dresdner-privat.de
127.0.0.1 postbank.de
127.0.0.1 www.postbank.de
127.0.0.1 banking.postbank.de
127.0.0.1 www.sparda-b.de
127.0.0.1 sparda-b.de
127.0.0.1 www.bankingonline.de
127.0.0.1 www.raiffeisenbank-erding.de
127.0.0.1 raiffeisenbank-erding.de
127.0.0.1 www.vr-networld-ebanking.de
127.0.0.1 vr-networld-ebanking.de
127.0.0.1 www.bnhof.de
127.0.0.1 bnhof.de
127.0.0.1 www.deutsche-bank.de
127.0.0.1 deutsche-bank.de
127.0.0.1 meine.deutsche-bank.de
127.0.0.1 www.citibank.de
127.0.0.1 citibank.de
127.0.0.1 www.dkb.de
127.0.0.1 dkb.de
127.0.0.1 www.sparkasse-regensburg.de
127.0.0.1 sparkasse-regensburg.de
127.0.0.1 www.berliner-bank.de
127.0.0.1 berliner-bank.de
127.0.0.1 www.berliner-sparkasse.de
127.0.0.1 berliner-sparkasse.de
127.0.0.1 www.wellsfargo.com
127.0.0.1 wellsfargo.com
127.0.0.1 www.bankofamerica.com
127.0.0.1 bankofamerica.com
127.0.0.1 www.usbank.com
127.0.0.1 usbank.com
127.0.0.1 www.bankone.com
127.0.0.1 bankone.com
127.0.0.1 www.citibank.com
127.0.0.1 citibank.com
127.0.0.1 www.capitalone.co.uk
127.0.0.1 capitalone.co.uk
This is the result of the activity of another malicious program.
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.