
ARPoisoner.A virus details

Full details, description and effects of ARPoisoner.A

Common names: ARPoisoner.A
Technical names:
Aliases:

Type: TROJAN
Size: 29231 Bytes
   

DETECTIONS

Number of detections:
Date of first detection: November 12, 2007 at 00:00 AM
First country where it appeared:
Last country where it appeared:
   

Brief Description

ARPoisoner.A is a Trojan that only affects computers that belong to the same local network.

Its main aim is to capture and modify the HTTP-type network packets that are sent from the computers.

As a consequence, the websites requested by the user will be displayed with alterations. However, this anomaly will not be displayed on the infected computer.

ARPoisoner.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

Effects

ARPoisoner.A only affects computers that belong to the same local network.

Its main aim is to capture and modify the network packets that are sent from the computers. The only packets it modifies are those belonging to the HTTP protocol.

As a consequence, the website requested by the user will be displayed with alterations: a string of BBBBBBBBBBB appears in the page.

This does not mean that these computers are infected by ARPoisoner.A, but that there is an infected computer in the network they belong to. Specifically, websites visited on the infected computer will not be displayed with the anomaly mentioned above.

In a normal network configuration, the systems are connected to the Internet via a router.

 

However, ARPoisoner.A is able to capture the network packets before they reach the router.

In order to do so, it uses the Windows packet capture library called WinPcap.

Once it captures the network packets, it sends them to the router, the router gives them back to the Trojan, which modifies them by adding the BBBBBBBB string, and finally they are sent to the user that requested them.
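
An added example, not part of the original entry: a check the other computers on the network can run against their ARP cache to spot a host standing in for the router. It assumes, as the Trojan's name suggests but the entry does not state, that the interception works by ARP cache poisoning, in which case the router's IP and the intercepting computer's IP resolve to the same MAC address. The function names, addresses and sample `arp -a` output are constructed for illustration.

```python
import re

# One data row of Windows `arp -a` output: IP address, MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+\s*$")

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface header, column titles, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MAC, shared by design
        entries[ip] = mac
    return entries

def hosts_sharing_gateway_mac(entries, gateway_ip):
    """IPs cached with the same MAC as the gateway (possible interceptor)."""
    gw_mac = entries.get(gateway_ip)
    if gw_mac is None:
        return []
    return sorted(ip for ip, mac in entries.items()
                  if mac == gw_mac and ip != gateway_ip)

# Constructed sample output; every address here is made up.
TEMPLATE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           {gw_mac}     dynamic
  192.168.1.37          00-1a-2b-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
# Poisoned cache: the gateway IP now maps to the MAC of host .37.
SAMPLE_POISONED = TEMPLATE.format(gw_mac="00-1a-2b-aa-bb-cc")
SAMPLE_CLEAN = TEMPLATE.format(gw_mac="00-1a-2b-3c-4d-5e")

if __name__ == "__main__":
    for name, text in (("poisoned", SAMPLE_POISONED), ("clean", SAMPLE_CLEAN)):
        hits = hosts_sharing_gateway_mac(parse_arp_table(text), "192.168.1.1")
        print(name, "->", hits or "no host shares the gateway MAC")
```

Comparing the gateway's MAC against a value recorded while the network was known to be clean is a stronger check than the shared-MAC heuristic alone.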

More information about the ARPoisoner.A virus in the Encyclopedia: http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=