23 Mar 2010
Win 7 Ultimate 64-bit. SP1.
New Scareware Leverages the Layered Service Provider.
Security researchers from antivirus vendor Trend Micro warn that a new FAKEAV version operates a ransomware-like component as a Layered Service Provider (LSP) routine. The malicious .DLL blocks access to websites such as Facebook, YouTube, MySpace, The Pirate Bay and others.
The Layered Service Provider is a Winsock feature that has long been abused by malware because it allows altering Internet traffic. The scareware analyzed by Trend installs a .DLL file in the LSP chain, with the purpose of intercepting calls to facebook.com, youtube.com or myspace.com, from Internet Explorer, Firefox and other applications (through svchost).
Source - New Scareware Leverages the Layered Service Provider - Blocks popular websites from being displayed - Softpedia
|My System Specs || |