Virus blocks access to antivirus Web sites

Virus blocks access to antivirus Web sites

Summary: A new variant of the Crowt worm blocks an infected user's browser from accessing certain antivirus vendors' Web sites.Crowt.

SHARE:
3
A new variant of the Crowt worm blocks an infected user's browser from accessing certain antivirus vendors' Web sites.

Crowt.D -- first discovered on Wednesday last week -- opens up the Google News site upon infection and then alters the computer's HOST file to manipulate access to specific Web sites. According to antivirus firm Trend Micro, the worm restricts access to sites including trendmicro.com, kapersky-labs.com, sophos.com, symantec.com and us.mcafee.com.

Adam Biviano, senior systems engineer at Trend Micro, said Crowt.D can redirect users' regardless of which browser they use.

"It uses the Windows associations to launch a file, so it will open your default browser," said Biviano.

Biviano said the virus is noteworthy because it has the potential to send a victim to a phishing Web site even when they have manually typed in a Web address, which is especially dangerous when using an online banking service.

"Banks are telling their customers to type their specific Web site address into the browser. However, if the host file has been compromised then even if the URL is typed in, the browser will still go to the phishing Web site," said Biviano.

DNS poisoning is another method that is being used by hackers to try and redirect Internet users to fraudulent Web sites. On Wednesday, Microsoft advised users of its server software to reconfigure their setting to avoid such attacks.

Topics: Malware, Browser, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • HELP!

    I'm very sure I have somehow gotten this virus. How do I get rid of it?
    anonymous
  • HELP!

    Everybody is trying to get rid of it, please!
    anonymous
  • Format the hard disk and all the partitions!

    It worked for me! don`t run any of the exe files you save ... the only thing worth saveing are pictures and some txt files ! it`s a bitch of a virus! I installed Vista after that ... i`ll keep u posted :) thx
    anonymous