W32/Rehost-A is a Trojan that has been around since 2009 and can be identified with antivirus software. A Trojan is malware named for the famous Trojan horse because it hides inside seemingly non-threatening files such as email attachments. Like many Trojans, W32/Rehost-A is sent through email attachments. The most recent email messages infected by this Trojan appear to have been sent from eCards, an American Greeting Company. The subject line states that a friend has sent the target a greeting card, and the message includes a ZIP file attachment bearing the W32/Rehost-A Trojan.
When the target opens the attachment containing W32/Rehost-A, the malware creates a startup registry entry and registers a Winlogon notification package. This allows W32/Rehost-A to install itself into the winlogon.exe address space. Once it completes that task, the Trojan creates several new files.
After creating several new processes, it moves some of the newly created files into the address space of legitimate system files. W32/Rehost-A continues to infect the system by affecting the Windows registry and creating host names. In the case of the eCard greeting, americangreetings.com is one of the new host names.
W32/Rehost-A proceeds to make new connections and download GIF and CSS files from the host, and then instructs the SMTP engine to send out mass emails. Once W32/Rehost-A has infected a new computer using this method, it begins again on that machine.
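The Winlogon notification package registration described above can be audited from a registry export. The following is an added example, not code from the original page: it parses `reg query` output for the standard Winlogon `Notify` key and flags packages whose DLL is not in a baseline or is loaded from outside System32. The baseline list and the sample output are assumptions constructed for illustration, and `examplepkg` is a placeholder because the page does not name the Trojan's files.

```python
import ntpath
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Example baseline only (assumption): replace with the DLLs from a known-good build.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"%systemroot%\system32", r"%windir%\system32")

# Constructed sample of `reg query "<NOTIFY_KEY>" /s` output; "examplepkg" is a placeholder.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DllName    REG_EXPAND_SZ    crypt32.dll
    Logoff    REG_SZ    ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg
    DllName    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\examplepkg.dll
    Startup    REG_SZ    ExampleStartup
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_notify(text):
    """Return {package_name: {value_name: data}} from reg query output."""
    packages, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(NOTIFY_KEY.upper() + "\\"):
            # Subkey header line: the remainder after the Notify key is the package name.
            current = packages.setdefault(line[len(NOTIFY_KEY) + 1:].strip(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return packages

def audit(text):
    """Return (package, DllName, reasons) for every package that fails a check."""
    findings = []
    for name, values in sorted(parse_notify(text).items()):
        dll = values.get("DllName", "")
        folder, base = ntpath.split(dll.lower())
        reasons = []
        if base not in BASELINE_DLLS:
            reasons.append("DLL not in baseline")
        if folder and folder not in SYSTEM_DIRS:
            reasons.append("DLL loaded from outside System32")
        if reasons:
            findings.append((name, dll, reasons))
    return findings

if __name__ == "__main__":
    for name, dll, reasons in audit(SAMPLE):
        print(f"{name}: {dll} -> {', '.join(reasons)}")
```

Winlogon notification packages are honored on Windows XP and Server 2003 era systems; Windows Vista and later no longer load them, so this check applies to legacy hosts.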
W32/Rehost-A contains malicious code. Like any Trojan containing malicious code, it can cause extensive damage to networks. Networks with a large number of computers or infected systems, or that receive large volumes of email, are especially vulnerable. W32/Rehost-A sends out a huge number of emails at one time, which can cause email and network systems to crash.
Microsoft is taking steps to combat the susceptibility to viruses and malware that has plagued Windows since its inception, adding built-in protection and firewalls to its operating systems to keep viruses such as W32/Rehost-A from replicating.
One way to protect your computer from infections like W32/Rehost-A is to never download or install unknown software. You should also exercise caution when using online chat, instant messaging and peer-to-peer sharing software because these can expose your computer to viruses such as W32/Rehost-A and many others. It is imperative that you remain vigilant in your antivirus protection efforts and update your antivirus software often. Be sure to run regular scans to ensure that your computer is free of viruses and malware.
W32/Rehost-A is old enough to be easily identified by antivirus software that will block it from infecting your system should you encounter it. Check your antivirus software to see whether it will scan incoming emails and attachments for malware such as W32/Rehost-A. Keep your antivirus software up to date and perform weekly or daily scans to protect your computer from W32/Rehost-A and other threats.