Paul Ducklin, head of technology, Sophos Asia-Pacific, said the Trojan, dubbed Qhosts-1, lures the user to a Web site containing a script designed to exploit a security vulnerability in Internet Explorer and insert malicious code onto the victim's personal computer.
Sophos's revelation coincides with unconfirmed reports from a source within the technical ranks of one of Australia's major ISPs of a spike in support calls from customers whose DNS server settings had been tampered with, in what appears to be an orchestrated attack on Internet security giant VeriSign.
"It's changing the IP address of the DNS servers from ours [domain name] across to VeriSign's to launch a DoS attack on them," said the source.
The source told ZDNet Australia that the activity appeared to be promoted by a virus or Trojan-like entity targeting Windows 2000 and Windows XP systems.
Ducklin said he was unable to confirm that the new Trojan was implicated in the activity described by the source, but confirmed that Qhosts-1 appeared to be designed to alter the DNS settings of its victim PCs.
"This particular trojan messes up your DNS so in theory it could be targeted against anyone," said Ducklin.
Qhosts-1 also "hijacks" Internet Explorer browser usage, directing users to a server chosen by its creator.
"What I can say is that in the light of what [ZDNet Australia] has told us, it has made us interested in looking at this particular sample so that we can match it up if further samples come in and if appropriate there will be further notifications on our Web site," he said.
Sophos expected to have a new definition file posted to its Web site later today.

I have always been against viruses and trojans, but I hope Verisign and their ^&%$*&^ sitefinder service gets blown off the map!
I HATE them, may they both rot in hell!