New Trojan filtering packets to isolate users
Saturday, 02 July 2005
TechWeb 06/30/05
Summary: A new Trojan, known as Fantibag.b, is blocking access to anti-virus vendors' software update sites by creating packet filtering policies using the Microsoft RAS packet filtering API.

A new Trojan is using a sophisticated technique to cut off infected computers from anti-virus and security vendors' update sites, the Finnish firm F-Secure said Thursday.

It's not uncommon for worms and Trojan horses to sever links to update sites, but until recently, said F-Secure, the method has been different: modifying the Windows HOSTS file to redirect the domains of popular security vendors to the local host, so that the browser returns a blank page or an error.
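A defender-side check for the older HOSTS-file technique described above, added here as an example and not code from the article or from F-Secure: it parses a HOSTS file and flags any entry that pins a security-vendor hostname to a loopback or unspecified address. The sample HOSTS content is constructed, and the specific hostnames watched are assumptions based on the vendors the article names. Note that this check sees only HOSTS-file tampering; the RAS packet filtering technique the article goes on to describe leaves the HOSTS file untouched, so a clean HOSTS file is not evidence that update traffic is reaching the vendor.

```python
import ipaddress

# Constructed sample HOSTS file content (not from the article): a few
# legitimate lines plus the kind of vendor redirections the article describes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    fileserver.corp.example    # constructed internal host
127.0.0.1       www.symantec.com
0.0.0.0         update.f-secure.com
127.0.0.1       windowsupdate.microsoft.com  # pinned to loopback
"""

# Domain suffixes whose redirection to loopback is suspicious. The vendors come
# from the article; the exact suffixes are assumptions made for this example.
WATCHED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "ca.com", "f-secure.com",
    "mcafee.com", "sophos.com", "symantec.com", "trendmicro.com",
)


def _is_sinkhole(addr: str) -> bool:
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0, ::) addresses,
    the usual targets that make the browser return a blank page or error."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def _watched(hostname: str) -> bool:
    """True if the hostname is one of the watched vendor domains or a subdomain."""
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_hijacked_entries(hosts_text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, address, hostname) for every HOSTS entry that maps
    a watched security-vendor hostname to a loopback/unspecified address."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        if not _is_sinkhole(addr):
            continue
        for name in names:
            if _watched(name):
                findings.append((lineno, addr, name))
    return findings


if __name__ == "__main__":
    # On a real Windows host the file lives at
    # %SystemRoot%\System32\drivers\etc\hosts; here the constructed sample is used.
    for lineno, addr, name in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

The check deliberately ignores entries that map vendor domains to ordinary routable addresses, since those are not the "blank page" behaviour the article describes; a stricter deployment could flag any non-comment entry for a watched domain.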

This Trojan, dubbed Fantibag.b by F-Secure (and Fantibag.a by Computer Associates), however, blocks access by creating packet filtering policies using the Microsoft RAS packet filtering API. The result: all inbound and outbound packets between the user's machine and any of the 100+ filtered IP addresses are dropped, essentially cutting off communication and preventing updates, such as new malware signatures, from being downloaded.

Among the filtered IP addresses are those belonging to Microsoft (including Windows Update), Computer Associates, F-Secure, McAfee, Sophos, Symantec, and Trend Micro.

Fantibag.b sports a tenuous connection with the more prevalent Mitglieder Trojan, said Computer Associates; the former may be downloaded to systems already compromised by Mitglieder.