Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- October 1, 2003
- Updated:
- February 13, 2007 12:08:26 PM
- Also Known As:
- QHosts-1 [McAfee], VBS.QHOSTS [CA], Troj/Qhosts-1 [Sophos], TROJ_QHOSTS.A [Trend], Trojan.BAT.Delude.c [KAV]
- Type:
- Trojan Horse
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
- CVE References:
- CAN-2003-0532
Trojan.Qhosts is a Trojan Horse that will modify the TCP/IP settings to point to a different DNS server.
Trojan.Qhosts cannot spread by itself. The user must open an HTML page that contains malicious code, which allows the Trojan to open a viral HTML file on the target computer so that the script can create and run the malicious executable.
Symantec Security Response has received reports that visiting a specific page on www.fortunecity.com caused a popup to be displayed, which redirected the visitor to a different Web page. Being redirected to the Web page appears to have caused the Trojan Horse to be downloaded to a visitor's system, and then executed. Reports also state that the threat exploited the Internet Explorer Object Data Remote Execution vulnerability on several victims' computers to execute itself. Microsoft has released a cumulative patch for this vulnerability.
Antivirus Protection Dates
- Initial Rapid Release version October 2, 2003
- Latest Rapid Release version May 16, 2012 revision 035
- Initial Daily Certified version October 2, 2003 revision 002
- Latest Daily Certified version May 17, 2012 revision 005
- Initial Weekly Certified release date October 2, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: High
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Medium
Distribution
- Distribution Level: Low
Writeup By: Douglas Knowles
