DNS-Highjacking at Google

Johannes Beus
Johannes Beus
30. September 2003
Johannes Beus
Johannes Beus
Johannes Beus ist Gründer und Geschäftsführer von SISTRIX.

TweakXP is reporting that a program has modified the hosts-file for many internet users, so that queries to the important searchengines like Google and Altavista are being redirected to the IP 64.191.59.85, which means that the queries will not reach the intended sites anymore.
There are speculations on Usenet about the program using one of the many bugs in Microsoft’s Internet Explorer to spread. At the moment, it is possible to load and execute any type of file without the user being able to stop this. [Demo on heise.de]

Update: The heise.de report on the Trojan called Qhost-1.

Related posts
Comments
Comments will be closed 30 days after the post was published.