Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Dec 1st, 2008, 8:11pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   More news on Hatoy.A		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: More news on Hatoy.A  (Read 354 times)
Ian
Stole All the Forum Stars
********



Good things come to those who wait ...

   


Posts: 2913
More news on Hatoy.A
« on: Oct 8th, 2003, 9:06pm »		 Quote Quote  Modify Modify
Significant increase in the number of computer affected by the Trojan Hatoy (Trj/Hatoy.A), first detected a few days ago. This malicious code is designed to change the TCP/IP settings of computers so that they point to a different DNS server than the one they had configured. Basically, DNS servers ensure that when a user enters an address in the Internet browser, the corresponding website is displayed.
 
For this reason, the main effect of Hatoy is that when users try to connect to any web page, it re-routes them to a different page selected by the virus author.  
 
Hatoy cannot spread by itself and therefore, the only way a user can become infected is by visiting web pages that have been especially constructed to exploit the Object Type vulnerability that affects the browser Microsoft Internet Explorer. This security flaw allows files contained in web pages that exploit this vulnerability to be automatically run. More information about this vulnerability and the patch that fixes it are available at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-032.asp
 
As a result, if users visit a web page that has been especially designed to automatically download and run Hatoy, their computers will be immediately infected. Once it has been installed on a computer, this Trojan modifies the Windows registry and creates several files.
 
Due to means of transmission used by this malicious code, it is suspected that the address of a website designed to distribute Hatoy has been sent as spam. This would explain why the number of incidents caused by this Trojan has significantly increased several days after it appeared.
 
According to data collected, the number of computers infected by this Trojan has is rising. Therefore, in order to avoid being infected by Hatoy, treat all e-mails received with caution and to update antivirus solutions immediately.
IP Logged
... but crap arrives pretty much straight away.
claire
Stole All the Forum Stars
********



carpe diem

   


Gender: female
 Posts: 3479
Re: More news on Hatoy.A
« Reply #1 on: Oct 8th, 2003, 10:21pm »		 Quote Quote  Modify Modify
Thanks Ian.
I also posted this one at CCSP(also with credit to you Wink)
IP Logged
Claire
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register