14 DAY TRIAL // A new version of the Crowt worm was discovered at the end of last week; one of its main actions is blocking users the access to antivirus companies websites.
Once launched, Crowt.D opens the Google News webpage, infects the HOST file of the system and modifies the access to different Internet pages. According to information provided by Trend Micro, the worm prevents the access to several sites among which: trendmicro.com, kapersky-labs.com, sophos.com, symantec.com and us.mcafee.com.
Adam Biviano, system engineer within Trend Micro has declared that this worm can redirect users to forged sites regardless of the navigation solution (browser). "Because the worm uses Windows Associations to launch a file, it will select the default browser to make this operation".
The danger level associated to this worm is extremely high because it has the potential of redirecting the victim to a forged site even if the user types the address of the site he wishes to enter. In this way, a hacker can break an online banking account or reveal confidential information only by placing the worm on the victim's system.
Until now, banks were advising clients to manually introduce the address of the webpage that carried out the money transfer. Since this method is no longer secure, banks, users and security companies will have to find another way for sending private information.