Technology news and Jobs 
Information Technology News Beware of itsecure.microsoft.com
Information Technology News Beware of itsecure.microsoft.com | Beware of itsecure.microsoft.com |
|
| by Stephen Withers | |
| Friday, 10 July 2009 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
One way that Preald.A preys on its victims is by creating a hosts file to associate the domain itsecure.microsoft.com with an IP address that has nothing to do with Microsoft. Usually, a computer gets any required domain name to IP address mappings from a domain name server associated with an ISP or one that is internal to the organisation. But a hosts file takes precedence (eg, to allow a purely internal resource to be accessed by name rather than address), so if a piece of malware can create or edit this file, any name can be associated with any IP address. According to ThreatFire, Preald.A creates false entries for itsecure.microsoft.com, avremover-pro.com and www.avremover-pro.com in the hosts file, associating them all with a server hosting information about a fake package called Antivirus System Pro. It also installs other malware, including a downloader to fetch additional nasties. It is a fairly common trick to generate a false warning that a system is infected with a virus or other malware, and then present a link to a site offering fake software. The hosts file trick could make it easier to fool victims - after all, everyone trusts Microsoft, don't they? Bona fide security software should detect Preaid.A, though other vendors may use different names for it. |
Tags
| < Next story in category | Previous story in the category > |
|---|
