Trojan.LowZones is a detection name used by Symantec to identify malicious programs that share the primary functionality of lowering Internet Explorer security settings.
Internet Explorer has a security model that can be configured by assigning websites and accompanying rules to the following zones:
- Internet
- Local intranet
- Trusted sites
- Restricted sites
The security policy for each zone can be altered to allow, restrict, or prevent access to certain websites, to control user interface and behavioral features, and to allow, restrict, or prevent the use of technologies such as ActiveX and .NET. Programs detected as Trojan.LowZones alter the Internet Explorer zone settings and therefore lower security settings on the compromised computer.
When Internet Explorer security settings have been lowered, a program may be able to perform the following actions:
- Run malicious or exploit code
- Display advertisements
- Download files
- Steal information
- Alter user authentication settings
Programs detected as Trojan.LowZones often arrive bundled with other malware. They may also be used in the early stages of a multi-stage attack.
Users should be aware that changes to security settings made by Trojan.LowZones may also affect other programs that use components of Internet Explorer.
If a Symantec antivirus product displays a detection alert for this threat, it means the computer is already protected and the Symantec product will effectively remove this threat from the computer.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
