A security firm says it has spotted malware from China dubbed the Warp Trojan that takes a totally new approach:
After infecting a vulnerable Windows
computer, it pretends to be a router and tells the real local subnet router to send traffic for other networked computers to the infected machine, so the malware can then try to compromise the other computers through a man-in-the-middle attack.
SECURITY NEWS: Websense adds 'criminal encryption' detection to security gateway
"It has a direct impact on all the computers on the subnet because it will intercept traffic and make changes to the traffic," says John Morris, principal security researcher at Kindsight Security Labs. The firm believes Warp Trojan hails from China and may be used as some kind of adware to drive traffic to websites there.