Dr.WEB, Russian developer of information security software, has studied one of the most widespread threats in April 2013, the Trojan Trojan.Mods.1, formerly known as Trojan.Redirect.140. According to statistics compiled by the curing utility Dr.Web CureIt!, the number of infections with this Trojan represent 3.07% of the total number of detected threats. A summary of the study can be found below.
Then the dropper saves on the hard drive the main library which injects its code into all running processes on the infected computer but operates only in the processes of the following browsers: Microsoft Internet Explorer, Mozilla Firefox, Opera, Safari, Google Chrome, Chromium, Mail.Ru Internet, Yandex.Browser, and Rambler Nichrome. The configuration file containing all the data needed to run Trojan.Mods.1 is encrypted and stored in the dynamic linking library.
Trojan.Mods.1 is chiefly designed to replace web pages visited by users with malicious web pages by intercepting the system functions responsible for translating DNS names to IP addresses. As a result, instead of the sites they have requested, users are redirected to fraudulent pages where they are asked to enter a mobile phone number and reply to an SMS sent from the short number 4012. If they comply, a certain amount will be debited from their account.
The architecture of Trojan.Mods.1 contains a special algorithm that allows redirection to a certain group of addresses to be disabled.
The signature of this threat has been added to the Dr.Web virus database, so Trojan.Mods.1 does not pose a serious threat to systems protected by Doctor Web products.
Related
Tags: About Doctor Web , About Dr.WEB , Additional tweaks have been introduced to avoid errors when adding or removing product components or uninstalling the product , antivirus softwares dr web free download , certification and state secret protection of FSB Russia for development and/or publishing of tools for protection of classified information , Currently Doctor Web , devices business for Airtel , Doctor Web , doctor web antivirus , Doctor Web dealers in delhi , Doctor Web dealers in india , Doctor Web dealers in jaipur , Doctor Web dealers in Kolkata , Doctor Web dealers in lucknow , Doctor Web dealers in Madhya Pradesh , Doctor Web dealers Mumbai , Doctor Web dealers rajasthan , Doctor Web dealers surat , Doctor Web dealers uttarpradesh , Doctor Web distribution , Doctor Web distributor in india , Doctor Web file must be downloaded , Doctor Web fixes a SpIDer Guard problem , doctor web free download , Doctor Web Google Play , Doctor Web has updated , Doctor Web information security software , Doctor Web is 1.2.1 india , Doctor Web malware downloaded , Doctor Web product , Doctor Web Russian developer of information security software , Doctor Web Samsung devices , Doctor Web site , Doctor Web updated its Dr.Web 7.0 for Android Light , Doctor Web via a browser , Doctor Web wasn't being detected , Doctor Web will be updated automatically , doktor web download , dr web android license key , dr web android pro license key free , dr web antivirus , dr web antivirus 2011 , dr web antivirus 2011 free download , dr web antivirus keygen , dr web antivirus licence key , dr web antivirus license key free , dr web antivirus pro apk , dr web cureit antivirus free download , dr web cureit download , dr web cureit free download full version , dr web product key , dr. web antivirus key for android , dr.cureit free download , Dr.WEB , Dr.Web -1.0.3 , Dr.Web 32- and 64-bit versions of Linux , Dr.Web 7.0 for Android Light , Dr.Web 8.0 products' Components for Windows Updated , Dr.Web Administrator emergency aid kit , Dr.Web announced eighth version of remote scanning and curing utility Dr.Web CureNet , Dr.Web anti-virus for Android. , Dr.Web Anti-virus Light on the application list , dr.web antivirus 6.01.7 apk , dr.web antivirus apk , dr.web antivirus apk download , dr.web antivirus download , dr.web antivirus for nokia , dr.web antivirus free download , dr.web antivirus free download 2010 , dr.web antivirus free download for windows 7 , dr.web antivirus full apk , dr.web antivirus key , dr.web antivirus key for mobile , dr.web antivirus light , dr.web antivirus serial number , Dr.Web Attacks Linux Servers , Dr.Web Beta Testers , Dr.Web Business , Dr.Web Buy from partners , Dr.Web code , Dr.Web Company history , Dr.Web Company profile , Dr.Web compromised Linux web servers , Dr.Web Contact us , Dr.Web CureIt , dr.web cureit antivirus , Dr.Web CureNet , Dr.Web CureNet 8.0 , Dr.Web CureNet 8.0 download , Dr.Web CureNet 8.0 serial number , Dr.Web CureNet 8.0 support Windows 8 and Windows Server 2012 , Dr.Web CureNet 8.0demo license , Dr.Web CureNet! 8.0 released , Dr.Web CureNet! from http://www.drweb-curenet.com/ or download.drweb.com/curenet , Dr.Web customers , Dr.WEB device's IMEI , Dr.Web distributions , Dr.Web DNS names , Dr.Web exploits critical vulnerabilities , Dr.Web FAQs , Dr.Web for Android Light , Dr.Web for Android on Challenge Tablet in Japan , Dr.Web Forums , Dr.Web Free services , Dr.Web Free trial , Dr.Web FSB documents of compliance , Dr.Web FSTEC documents of compliance , Dr.Web Gallery , Dr.WEB has Studied Dangerous Trojan Substituting Web Pages , Dr.WEB have been discovered on Google Play , Dr.Web Headquarters , Dr.Web Home , Dr.Web india , Dr.Web india delaer , Dr.Web india distributor , Dr.Web information security software , Dr.Web installation , Dr.Web installed on attacked servers , Dr.Web introduces a new rootkit-detection subsystem , Dr.Web Investigates , Dr.WEB is warning users , Dr.Web Join now , dr.web license key , Dr.Web Licenses & Certificates , Dr.Web Licenses and certificates Dr.Web Privacy policy Contacts , Dr.Web LinkChecker for Google Chrome , Dr.Web LinkChecker for IE , Dr.Web LinkChecker for Mozilla Firefox / Thunderbird , Dr.Web LinkChecker for Opera , Dr.Web LinkChecker for Safari , Dr.Web Linux.Sshdkit , Dr.Web Live CD , Dr.Web LiveUSB , Dr.Web login and password , Dr.Web malware , Dr.Web multi-thread scanning , Dr.Web new version boasts much faster , Dr.Web new version has been released , Dr.Web non-trivial routine , Dr.Web own investigation , Dr.Web Partner offers , Dr.Web Partner portal , Dr.Web Press center , Dr.Web process sshd , Dr.Web Profit with us , Dr.Web Regional offices Press center , Dr.Web Registered trademarks , Dr.Web Registration , Dr.Web remote server via UDP , Dr.Web Renew license , Dr.Web Renewal , Dr.Web Russian develop , Dr.WEB Russian developer of information security software , dr.web serial number , Dr.Web server's IP is hardcoded into the malware , Dr.Web Service subscription , Dr.WEB showpage – open a web page in a browser Dr.WEB install – download and install an apk package Dr.WEB showinstall – show a push-notification about the installation of an apk package Dr.WEB iconpa , Dr.Web Special offers , Dr.Web Special offers from providers , Dr.Web spreads is yet to be determined , Dr.Web steal passwords on servers running Linux , Dr.Web Subscription package , Dr.Web The latest Trojan version , Dr.Web The licence of Russian Ministry of Defense for activities related to information security tools development , Dr.Web The licences of Federal Service for Technology and Export Control of Russian Federation , Dr.WEB total number of installations of these programs has reached several million , Dr.Web Trojan horse , Dr.Web Trojan injects , Dr.Web Unlock Windows (Trojan.Winlock) , Dr.Web Update to v.8 , Dr.Web Upgrade license , Dr.Web Upgrade to license with firewall , dr.web version 5 license key , Dr.WEB Warns Users of Twenty Eight Apps on Google Play Spreading Trojans , dubbed Linux.Sshdkit by Dr.Web , freedrweb , FSB (Federal Security Service) licences , has updated the installer module in the eighth version of Dr.Web Security Space and Dr.Web for Windows due to the component's enhanced capabilities , http://www.drweb.com , Installer in Dr.Web 8.0 for Windows Updated , license key for dr web antivirus , Linux.Sshdkit , Looking for an anti-virus? Sign up for the Dr.Web anti-virus service , Ltd. is a Microsoft Certified Partner , Ltd. possesses the following certificates and licenses , Nasty Trojan infects 100 hosts in sixty minutes , o Dr.Web AV-Desk trademark certificate , o Dr.Web CureIt! trademark certificate , o Dr.Web CureNet! trademark certificate , o Dr.Web trademark certificate , o FSB Russia document of compliance for a software tool Doctor Web command line scanner for DOS (v. 4.44) , o FSB Russia document of compliance for a software tool Doctor Web command line scanner for Linux/FreeBSD/OpenBSD/Solaris(i86) (v4.44) , o FSB Russia document of compliance for a software tool Dr.Web command line scanner for Microsoft Windows 95/98/Me/NT/2000/XP/Vista workstations (v4.44) , o FSB Russia document of compliance for a software tool Dr.Web® anti-virus for Internet gateways Unix (v.4.44) , o FSB Russia document of compliance for a software tool Dr.Web® anti-virus for Unix file servers (v.4.44) , o FSB Russia document of compliance for a software tool Dr.Web® anti-virus for Windows 95/98/Me/NT/2000/XP/Vista (v.4.44) , o FSB Russia document of compliance for a software tool Dr.Web® anti-virus for Windows file servers (v.4.44) , o FSB Russia document of compliance for a software tool Dr.Web® Enterprise Suite (v.4.44) , o FSB Russia document of compliance for a software tool Dr.Web® for MS Exchange (v.4.44) , o FSB Russia document of compliance for a software tool Dr.Web® for Unix mail servers (v.4.44) , o FSB Russia document of compliance for a software tool(v.4.44) Dr.Web anti-virus for Windows that enables using it in isolated networks , o FSB Russia licence for activities involving access to state secret information within Moscow and Moscow region , o SpIDer Guard trademark certificate , o SpIDer Mail trademark certificate , o The document of compliance of FSTEC RF #1214/1 for a set of anti-virus programs , o The licence of Federal Service for Technology and Export Control for development and/or publishing of tools for protection of classified information , o The licence of Federal Service for Technology and Export Control for development of information security tools , o The licence of the Centre for licencing , operator code , r.web antivirus download free full version , Russian developer of information security software , t Dr.Web remote server via UDP , t twenty-eight applications incorporating a malicious adware module that can download Trojans to Android devices , The Doctor Web Partner Network covers over 90 countries. Buy your Dr.Web products from our authorized partners now , the fraudulent module , The update will be downloaded and installed automatically , The updated version of the module incorporates a routine to restore the default product configuration file. It may come in handy if the configuration file has been corrupted and the anti-virus can not , Twenty Eight Apps on Google Play Spreading Trojans
Continue Reading
BANGALORE, India – May 28, 2013
