A thought about drivers\etc\hosts file
Gynvael Coldwind (GynvaelColdwind) <gynvaelvexilliumorg> Friday, August 7 2009 17:38.30 CDT


I've been wondering recently what the next step for the malware writers will be, regarding banker trojans and DNS-related stuff, and came to the conclusion that it might be replacing the path to the drivers\etc\hosts file in the Dnscache service.

If you're interested, check out the full post on my blog, and/or the video of the PoC.

Blog post: http://gynvael.coldwind.pl/?id=215
Video of PoC: http://www.youtube.com/watch?v=6kKOZJWOmww

