Crowt.D, first discovered on Wednesday, opens up the Google News site upon infection, then alters the computer's HOSTS file to add a list of Web site addresses, the antivirus company said in an advisory last week. When somebody clicks on one of those addresses, they are redirected to a local loopback address instead, a move that effectively blocks access to the sites in the list. The worm restricts access to antivirus vendor sites, including Trendmicro.com, Kapersky-labs.com, Sophos.com, Symantec.com and Us.mcafee.com.
http://news.zdnet.com/2100-1009_22-5...=zdfd.newsfeed