Home / malware

PDF

Trojan.LowZones.SL

First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.LowZones.SL is also known as Trojan.LowZones, TR/QLowZones.S, W32/QlowZones.A!tr, Generic, QLowZones.a.

Explanation :

The trojan acts as a security menace that makes the system unsafer for surfing the Internet.

It has the folowing behavior :
First it makes a check for the targeted security settings using PrivacyGetZonePreferenceW function . This will access values of the registries contained by this registry key : HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settingsones3{AEBA21FA-782A-4A90-978D-B72164C80120}Afterward it changes it , if not the lowered values are already set, into the same registry key mentioned earlier with the function PrivacySetZonePreferenceW altering a value PRIVACY_TEMPLATE_LOW (with the numeric value of 5) and creates this registry key HKCUSoftwareMicrosoftWindowsCurrentVersionInternet SettingsPrivacyAdvanced containing 0x0 . This is the same as Accept All Cookies on the Privacy Preferences slider bar in Internet Options.The trojan lowers security that other malware ("malicious software") can launch cookies in the system browser thus increasing the chance of indentity theft or browsing tracking.

More on changing the advanced settings on Internet Explorer here.

Last update 21 November 2011

 

TOP