Virus blocks access to antivirus Web sites

A new variant of the Crowt worm blocks an infected user's browser from accessing certain antivirus vendors' Web sites.Crowt.

A new variant of the Crowt worm blocks an infected user's browser from accessing certain antivirus vendors' Web sites.

Crowt.D -- first discovered on Wednesday last week -- opens up the Google News site upon infection and then alters the computer's HOST file to manipulate access to specific Web sites. According to antivirus firm Trend Micro, the worm restricts access to sites including trendmicro.com, kapersky-labs.com, sophos.com, symantec.com and us.mcafee.com.

Adam Biviano, senior systems engineer at Trend Micro, said Crowt.D can redirect users' regardless of which browser they use.

"It uses the Windows associations to launch a file, so it will open your default browser," said Biviano.

Biviano said the virus is noteworthy because it has the potential to send a victim to a phishing Web site even when they have manually typed in a Web address, which is especially dangerous when using an online banking service.

"Banks are telling their customers to type their specific Web site address into the browser. However, if the host file has been compromised then even if the URL is typed in, the browser will still go to the phishing Web site," said Biviano.

DNS poisoning is another method that is being used by hackers to try and redirect Internet users to fraudulent Web sites. On Wednesday, Microsoft advised users of its server software to reconfigure their setting to avoid such attacks.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All