Full Disclosure mailing list archives
Re: Windows hosts file changing.
From: Joe Stewart <jstewart () lurhq com>
Date: Wed, 22 Oct 2003 10:11:00 -0400
On Wednesday 22 October 2003 4:01 am, Kevin Gerry wrote:
Does -ANYBODY- know how it occurs?
This isn't Qhosts. It's a variant of the CoolWebSearch browser hijacker. Browsing the contact.htm page on the IP address given quickly reveals this site and CoolWebSearch are running the same scam under different names. The site's webmaster even has a link to the CWS removal tool and a "Don't blame me for trojaning you, blame Microsoft" message. More info on CoolWebSearch: http://www.spywareinfo.com/~merijn/cwschronicles.html -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Windows hosts file changing., (continued)
- RE: Windows hosts file changing. Poof (Oct 22)
- Re: Windows hosts file changing. V.O. (Oct 22)
- Re: Windows hosts file changing. Daniel (Oct 22)
- RE: Windows hosts file changing. Poof (Oct 22)
- Re: Windows hosts file changing. Joshua Levitsky (Oct 22)
- Re: Windows hosts file changing. David Gianndrea (Oct 22)
- Re: Windows hosts file changing. Brian Eckman (Oct 22)
- Re: Windows hosts file changing. Exibar (Oct 22)
- Re: Windows hosts file changing. Brian Eckman (Oct 22)
- Re: Windows hosts file changing. Mike Tancsa (Oct 22)
- RE: Windows hosts file changing. Austin Ehlers (Oct 22)
- RE: Windows hosts file changing. Poof (Oct 22)
- Re: Windows hosts file changing. Joe Stewart (Oct 22)
- RE: Windows hosts file changing. Bjørnar Bjørgum Larsen (Oct 22)