QHost-1 Trojan changes DNS settings, exploits IE
New details have emerged about a mysterious Trojan that has been changing domain name server settings on systems since yesterday.

Dubbed QHost-1 by antivirus software vendors, the Trojan changes DNS settings and renders some network-dependent services such as e-mail and Web surfing unavailable for corporate users.

Fixing systems hit by QHost isn't difficult. Security service provider Counterpane Internet Security Inc. recommends changing the DNS server settings back to their original settings. One could also obtain DNS settings from DHCP. Correcting the registry keys created by QHost is another fix.

QHost takes advantage of a new "object type" vulnerability in Microsoft's Internet Explorer browser. Exploits were discovered last weekend, alerting security experts to the flaw, which is related to a flaw Microsoft patched in August.

QHost's success likely will be limited because the Trojan cannot spread on its own. Users must be lured to a malicious Web site.…

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci930281,00.html