“You Shall Not Pass” Browser Redirection Virus

05:16 10 June in Latest Threats

The “You shall not pass” message is a browser redirection virus, which will block you from visiting Facebook, Google, Youtube and other websites, and instead it will display a picture of Gandalf saying ‘ You shall not pass ‘.

This bug is distributed through malicious websites or valid websites that have been compromised, may drop this trojan onto a compromised computer. This drive-by-download often happens secretly. Another method used to propagate this type of malware is spam email containing infected attachments or links to malicious websites. The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software.

The “You shall not pass” virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Once installed on a PC, “You shall not pass” virus will drop many malicious files, and it will modify the Windwos HOSTS file to redirect your web browser to their malicious domains. The HOSTS file is like an address book, when you type an address like facebook.com into your browser, the Hosts file is consulted to see if you have the IP address, or “telephone number,” for that site. When infected with this trojan, the cyber criminals will add to your Hosts some new lines, which will resolve domain names to their malicious IP addresses.

After your HOSTS file is modified, whenever you’ll try to visit Amazon, Twitter, Bing and other popular websites, you’ll be redirect a to malicious domain which will display a “You shall not pass” notification.

It is capable of performing the following functions:

  • Capture video from the webcam
  • Control the clipboard
  • Control the mouse, including the clicks
  • Display a message box
  • Download and execute files
  • Gather system information
  • Hide the operating system’s default screens and windows
  • Open and close the CD-ROM drive door
  • Record sound produced by the computer
  • Record the keystrokes
  • Set a custom background
  • Steal passwords from known applications
  • Type text on the screen

Based on the behaviour of the threat, the removal process can vary for each case.
Chat with our system analyst to remove the virus and get Online Technical Support.

No Comments

Post A Comment

Get instant support anytime, anywhere. Our technical experts are online 24/7.