Wednesday, June 29, 2005

Packet filtering trojan

Jarkko writes on the F-Secure "News from the Lab" blog:

Malware writers seem to have picked up a new trick for blocking anti-virus updates. Usually this is done with hosts-file by redirecting hostnames to localhost. Today we were looking at a new trojan called Fantibag that uses packet filtering to achieve the same goal.

This trojan installs a packet filtering policy that blocks access to several anti-virus companies and other mostly security-related sites. More info in the description.

0 Comments:

Post a Comment

<< Home