TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_QHOST.GC
Overview
Solution

Malware type: Trojan

Aliases: Trojan.Win32.Qhost.wu (Kaspersky), QHosts-95 (McAfee), Trojan.Qhosts.F (Symantec), TR/Qhost.WU (Avira), Troj/Qhost-E (Sophos), Trojan:Win32/Qhost.IV (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_QHOST.GC Behavior Diagram

Malware Overview

This Trojan can be downloaded unknowingly by a user when visiting malicious Web sites.

It modifies the system's HOSTS files to prevent users from accessing Google syndication at page2.googlesyndication.com, and redirects them to a certain IP address instead. The HOSTS file contains host name to IP address mappings.

This results to affected systems reading possibly maliciously coded advertisements from the replacement address rather than from Google.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 21, 2007 1:04:24 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.