Home / malwarePDF  

Trojan:BASH/QHost.WB


First posted on 02 August 2011.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:BASH/QHost.WB.

Explanation :

Trojan:BASH/QHost.WB hijacks web traffic by modifying the hosts file.

Additional Details

Trojan:BASH/QHost.WB poses as a FlashPlayer installer called FlashPlayer.pkg:



Screenshot of Trojan:BASH/QHost.WB masquerading as a FlashPlayer

This trojan is also further discussed in our Labs Weblog post:

  • Trojan:BASH/QHost.WB


Activity

Upon installation, the trojan will hijack and redirect web traffic to Google by adding the following entries to the hosts file:

  • 91.224.160.26 google.com
  • 91.224.160.26 google.ae
  • 91.224.160.26 google.as
  • 91.224.160.26 google.at
  • 91.224.160.26 google.az
  • 91.224.160.26 google.ba
  • 91.224.160.26 google.be
  • 91.224.160.26 google.bg
  • 91.224.160.26 google.bs
  • 91.224.160.26 google.ca
  • 91.224.160.26 google.cd
  • 91.224.160.26 google.com.gh
  • 91.224.160.26 google.com.hk
  • 91.224.160.26 google.com.jm
  • 91.224.160.26 google.com.mx
  • 91.224.160.26 google.com.my
  • 91.224.160.26 google.com.na
  • 91.224.160.26 google.com.nf
  • 91.224.160.26 google.com.ng
  • 91.224.160.26 google.ch
  • 91.224.160.26 google.com.np
  • 91.224.160.26 google.com.pr
  • 91.224.160.26 google.com.qa
  • 91.224.160.26 google.com.sg
  • 91.224.160.26 google.com.tj
  • 91.224.160.26 google.com.tw
  • 91.224.160.26 google.dj
  • 91.224.160.26 google.de
  • 91.224.160.26 google.dk
  • 91.224.160.26 google.dm
  • 91.224.160.26 google.ee
  • 91.224.160.26 google.fi
  • 91.224.160.26 google.fm
  • 91.224.160.26 google.fr
  • 91.224.160.26 google.ge
  • 91.224.160.26 google.gg
  • 91.224.160.26 google.gm
  • 91.224.160.26 google.gr
  • 91.224.160.26 google.ht
  • 91.224.160.26 google.ie
  • 91.224.160.26 google.im
  • 91.224.160.26 google.in
  • 91.224.160.26 google.it
  • 91.224.160.26 google.ki
  • 91.224.160.26 google.la
  • 91.224.160.26 google.li
  • 91.224.160.26 google.lv
  • 91.224.160.26 google.ma
  • 91.224.160.26 google.ms
  • 91.224.160.26 google.mu
  • 91.224.160.26 google.mw
  • 91.224.160.26 google.nl
  • 91.224.160.26 google.no
  • 91.224.160.26 google.nr
  • 91.224.160.26 google.nu
  • 91.224.160.26 google.pl
  • 91.224.160.26 google.pn
  • 91.224.160.26 google.pt
  • 91.224.160.26 google.ro
  • 91.224.160.26 google.ru
  • 91.224.160.26 google.rw
  • 91.224.160.26 google.sc
  • 91.224.160.26 google.se
  • 91.224.160.26 google.sh
  • 91.224.160.26 google.si
  • 91.224.160.26 google.sm
  • 91.224.160.26 google.sn
  • 91.224.160.26 google.st
  • 91.224.160.26 google.tl
  • 91.224.160.26 google.tm
  • 91.224.160.26 google.tt
  • 91.224.160.26 google.us
  • 91.224.160.26 google.vu
  • 91.224.160.26 google.ws
  • 91.224.160.26 google.co.ck
  • 91.224.160.26 google.co.id
  • 91.224.160.26 google.co.il
  • 91.224.160.26 google.co.in
  • 91.224.160.26 google.co.jp
  • 91.224.160.26 google.co.kr
  • 91.224.160.26 google.co.ls
  • 91.224.160.26 google.co.ma
  • 91.224.160.26 google.co.nz
  • 91.224.160.26 google.co.tz
  • 91.224.160.26 google.co.ug
  • 91.224.160.26 google.co.uk
  • 91.224.160.26 google.co.za
  • 91.224.160.26 google.co.zm
  • 91.224.160.26 google.com
  • 91.224.160.26 google.com.af

Last update 02 August 2011

 

TOP

Malware :

Family: