1. /
  2. Security Response/
  3. Trojan.Qhosts

Trojan.Qhosts

Risk Level 2: Low

Discovered:
October 1, 2003
Updated:
February 13, 2007 12:08:26 PM
Also Known As:
QHosts-1 [McAfee], VBS.QHOSTS [CA], Troj/Qhosts-1 [Sophos], TROJ_QHOSTS.A [Trend], Trojan.BAT.Delude.c [KAV]
Type:
Trojan Horse
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
CVE References:
CAN-2003-0532

Trojan.Qhosts is a Trojan Horse that will modify the TCP/IP settings to point to a different DNS server.

Trojan.Qhosts cannot spread by itself. The user must open an HTML page that contains malicious code, which allows the Trojan to open a viral HTML file on the target computer so that the script can create and run the malicious executable.

Symantec Security Response has received reports that visiting a specific page on www.fortunecity.com caused a popup to be displayed, which redirected the visitor to a different Web page. Being redirected to the Web page appears to have caused the Trojan Horse to be downloaded to a visitor's system, and then executed. Reports also state that the threat exploited the Internet Explorer Object Data Remote Execution vulnerability on several victims' computers to execute itself. Microsoft has released a cumulative patch for this vulnerability.


Antivirus Protection Dates

  • Initial Rapid Release version October 2, 2003
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version October 2, 2003 revision 002
  • Latest Daily Certified version August 20, 2013 revision 016
  • Initial Weekly Certified release date October 2, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: High
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Low
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver