BrowserModifier:Win32/Qiwmonk
First posted on 28 September 2016.
Source: Microsoft
Aliases:
There are no other names known for BrowserModifier:Win32/Qiwmonk.
Explanation:
Installation
This threat can be installed on your PC when you download other software from third-party websites. It usually arrives posing as an installer for software that would otherwise need to be paid for. File names we have seen it arrive as include:
- Microsoft Office 2010 官方简体中文版_54@64361.exe
- 360safe+105720+n32542bff9_8100000379737067280.exe
- 全国计算机等级考试全真模拟考试软件_一级计算机基础及MSOffice应用_1@8850.exe
- PS+CS6@25_40856.exe
- WPS PowerPoint 2014 PPT 简体中文免费完整版_54@85416.exe
When these installers are run, they will offer to install additional programs and modify your browser settings.
Payload
Modifies your browser settings without your consent
This threat will modify your browser shortcuts to include a command-line argument to override your browser homepage choice. For example, it will modify your Internet Explorer browser shortcuts to append the following website to the command, which overrides your homepage configuration:
- “iexplorer.exe” https://hao.360.cn/?src=lm?ls=
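The shortcut change described above can be audited across a user profile. The following PowerShell is an added example, not part of the original write-up: the folder list and the browser executable names are assumptions, and only the hao.360.cn host is taken from this page.

```powershell
# Added example: list browser shortcuts whose launch command has a URL appended.
# Read-only: CreateShortcut() opens an existing .lnk and nothing is saved back.

# Shortcut locations to scan (assumed list; extend for your environment).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# Executable names treated as browsers (assumed list).
$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe', 'msedge.exe', 'opera.exe'

# Host seen in the shortcut argument documented on this page.
$knownHost = 'hao.360.cn'

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($folder in $folders) {
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)

            # Some shortcuts (shell items, store apps) have no file target; skip them.
            if (-not $lnk.TargetPath) { return }

            $exe = Split-Path -Path $lnk.TargetPath -Leaf
            if ($browsers -notcontains $exe) { return }

            # A URL in the arguments forces the start page regardless of browser settings.
            if ($lnk.Arguments -match 'https?://\S+') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    KnownHost = ($lnk.Arguments -like "*$knownHost*")
                }
            }
        }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output 'No browser shortcuts with a URL argument were found.'
}
```

Shortcuts a user created deliberately to open a specific site will also be listed, so review each result; the KnownHost column marks those matching the host named on this page.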
For example, if you examine the properties of the browser shortcuts on your desktop or pinned to your taskbar, they may look like the following:
Analysis by Geoff McDonald
Last update 28 September 2016