Sophos researchers have discovered a malware campaign whose primary purpose appears to stray from the more common malware motives of stealing passwords or extorting a computer's owner for ransom. Instead, say the researchers, it blocks infected users' computers from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.
The malware also downloaded and delivered a second malware payload, an executable named ProcessHacker.jpg, say Sophos researchers. Modifying the HOSTS file is a crude but effective method to prevent a computer from being able to reach a web address, SophosLabs Principal Researcher Andrew Brandt writes.