Welcome to the Virus Encyclopedia of Panda Security.
It changes the prefix of the web addresses that begin with www, thus redirecting them to other website. It deactivates the URL handlers of the protocols its, ms-its and mhtml, and changes the start page and default search page of Internet Explorer.
|First detected on:||Aug. 10, 2004|
|Detection updated on:||Aug. 10, 2004|
|Yes, using TruPrevent Technologies
Leritand.A is a Trojan that changes the prefix of the web addresses that begin with www, thus redirecting them to a website that opens the original web address intended by the user, who does not notice any abnormal behaviour. Though this redirection does not seem to have any direct consequences, it could be used in order to monitor the websites accessed, attempt to exploit vulnerabilities, display advertisements, etc.
Leritand.A also deactivates the URL handlers of the protocols its, ms-its and mhtml. Though this may seem a beneficial payload, as these are the protocols affected by the vulnerability described by Microsoft in the bulletin MS04-013, which allows to run arbitrary code on the affected computer, in fact the deactivation of those protocols would cause some help systems to stop functioning.
Additionally, Leritand.A changes the start page and default search page of the browser Internet Explorer and adds links to the Favorites folder.
Leritand.A is easy to recognize once it has affected the computer, as:
- It changes the start page and default search page of the browser Internet Explorer.
- It adds two links to the Favorites folder, with the following names:
Teens Anal Fucking