Trojan Dot Hosts malware infecting 8000 PCs a day

Dr.Web, a Russian developer of information security software (including Dr.Web Anti-virus for Android), has issued an advisory warning PC users worldwide about Trojan Dot Hosts malware. Users should beware because the number of compromised websites from which Trojan Dot Hosts malware is downloaded onto computers is increasing fast.

In early 2013, the threat spread at almost epidemic magnitude. The outbreak remained at its peak in January and mid-February, when as many as 9,500 computer infections were being registered every 24 hours. In March, Trojan Dot Hosts malware programs are infecting about 8,000 computers per day.

Why Beware Trojan Dot Hosts malware:

Trojan Dot Hosts is a Trojan horse. Trojan horses are a kind of computer virus or malicious code with disguised motives. That is, a Trojan tries to present itself as something it is not. For instance, to lure a PC user into installing it, a Trojan will display a message claiming that installing it will make the user’s PC faster, when the actual motive is to infect the user’s PC. That’s why they are called Trojan horses.

Criminals are using stolen logins and passwords to connect to servers via FTP. They upload a shell and use it to modify the .htaccess file and embed a malignant script into web pages.

As a result, site visitors get a web page that contains links to a variety of malicious applications. In particular, this is how Trojan Dot Hosts malware has been spreading recently.

It should be noted that the Trojans of this family are also spread using other techniques. There are several affiliate programs under which cybercriminals are paid remuneration if they manage to extort money from users whose systems are compromised by Trojan Dot Hosts malware. Thus, these Trojans can get onto computers with the aid of backdoors and malignant downloaders.

Doctor Web would like to remind you that Trojan Dot Hosts programs modify the hosts file, which is located in the Windows system directory and used by the operating system to map hostnames to IP addresses. If the file is compromised, a user attempting to visit a popular site is redirected to a web page created by criminals.
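The hosts-file change described above can be checked for directly. The following is an added example, not code from Doctor Web or this article: a small Python audit that parses hosts-file text and flags active mappings. The watchlist domains, the verdict labels and the sample file are constructed for illustration.

```python
import ipaddress

# Assumption: placeholder watchlist of sites whose redirection matters to you.
WATCHLIST = {"social.example", "mail.example"}
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an address: skip
        for name in fields[1:]:                # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings as (line_no, hostname, ip, verdict) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES and ip.is_loopback:
            continue                           # standard localhost entries
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        if watched and not (ip.is_loopback or ip.is_unspecified):
            verdict = "REDIRECT"  # watched site pinned to a routable address
        else:
            verdict = "REVIEW"    # any other active entry: confirm it is intended
        findings.append((line_no, name, str(ip), verdict))
    return findings

# Constructed sample; addresses come from the RFC 5737 documentation ranges.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.7     social.example www.social.example   # added by unknown program
0.0.0.0         ads.tracker.example
   198.51.100.9\tmail.example
#203.0.113.7    commented.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of the `\Windows\System32\Drivers\etc\hosts` file named in this article to `audit_hosts` with a watchlist of the sites you actually use.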

In early 2013 the threat spread at almost epidemic magnitude. The outbreak remained at its peak in January and mid-February when as many as 9,500 computer infections were being registered every 24 hours. In early March, the number of infected machines per day declined slightly; for example, on March 11 only 7,658 instances of infection were discovered (the number indicates cases when the Trojan modifies the hosts file on an infected computer).

The threat’s spreading rate is illustrated in the diagram below; hence the warning to beware of Trojan Dot Hosts.

[Image: Trojan Horse]

What is the Solution against Trojan Dot Hosts malware:

1) Have a good web security and PC security suite on your PC. You can use Avast as well, which is free for home PC users or non-business users.

2) To specifically save yourself from Trojan Dot Hosts malware you can use Dr.Web, which claims to successfully remove most known Trojan Dot Hosts malware versions. Moreover, Dr.Web 8.0 products incorporate a special routine to protect the hosts file. To configure this feature, switch to the administrative mode and select Tools → Settings → Preventive protection → Level of suspicious activity blocking → Custom (by default, writing to the hosts file is blocked). In addition, the IP addresses of compromised websites are promptly added to the Dr.Web database, so access to these resources is blocked by Dr.Web SpIDer Gate. If your anti-virus has blocked access to a popular site, Doctor Web recommends that you scan the hard drives of your computer for viruses. (Don’t even use Dr.Web if your PC has no signs of Trojan Dot Hosts.)

3) Don’t use any Free Web security services available online.

Although, in the absence of Dr.Web protection, you can use the free utility Dr.Web CureIt! to perform a full scan of your machine and delete irrelevant information from the \Windows\System32\Drivers\etc\hosts file, if necessary. We advise you NOT TO DO THIS SCAN unless you are sure your computer has been compromised by this malware.
