NEWS FROM THE LAB - Wednesday, June 29, 2005

Packet filtering trojan Posted by Jarkko @ 15:15 GMT

Malware writers seem to have picked up a new trick for blocking anti-virus updates. Usually this is done with hosts-file by redirecting hostnames to localhost. Today we were looking at a new trojan called Fantibag that uses packet filtering to achieve the same goal.

This trojan installs a packet filtering policy that blocks access to several anti-virus companies and other mostly security-related sites. More info in the description.