Posted on 06/25/2004 9:12:00 AM PDT by all4one
Government and industry experts are reporting a mysterious, large-scale Internet attack against thousands of popular Web sites.
The virus-like infection tries to implant hacker software onto the computers of all Web site visitors.
Industry experts and the Homeland Security Department are studying the infection to determine how it spreads across Web sites and find adequate defenses against it.
A government warning says even Web sites trusted by users may contain the potentially malicious code. The infection appears to target at least one recent version of Microsoft's Internet Information Server, which is popular among businesses and organizations.
The United States Computer Emergency Readiness Team says the problem adds a piece of JavaScript to the bottom of Web pages that accesses another server.
US-CERT says disabling JavaScript will prevent this activity from affecting a user's system, but it could make some sites that use JavaScript appear incorrectly. The attack's effects are said to be unusually broad, but are not substantially interfering with Internet traffic.
How do we disable java for awhile? My Norton expired yesterday and I am waiting for my new norton to arrive snailmail, so I can't update right now.
Go to your Control Panel and choose your Internet Options icon. There should be a file tab labeled "Advanced", click on this tab and then scroll down and hit the check box to disable the Java Script.
If you are working in a corporate environment, check with your IT coodinator.
I got hit by "something" yesterday. It was very weird. Don't know if it was connected to the site I was surfing, but it happened when I was sent to an Acrobat Reader site. I sort of "lost control" of the computer for about three minutes, and when I got control back, the computer had reverted to original defaults, and my browser page looks different now. Think I'll go do a virus hunt. Thanks for the heads-up!
Anyone seen the addresses their being directed to? I'd like to blackhole those at the intenet router.
It might've been innocuous, Eggsie. Were you trying to view a .PDF file at the time? Acrobat will automatically try to update itself if you're using an older version.
...and I repeat...everyone purchase a second HD - and a copy of 'Ghost'. All this needless fretting....
The way this article reads, the attachment is a stealth that is not being detected.
so that’s what’s going on I was a bit suspicious
They seem to know it's accessing another server. Gotta be an IP address to go with it.
Also Control Panel....Internet Options.....Security tab...Custom Level
For the Active X and Java controls, choose either Disable or Prompt.
I haven't run across this problem yet, but I have ZoneAlarm which would probably prompt me with the IP address. Without decent virus software, most people would probably never know.
I don't really know what was going on. I was searching for sites on log cabin homes, and one that I clicked on sent me into this three-minute "no-zone." I DO recall seeing Acrobat Reader somewhere in the miasma during the stall.
I think there's a good probablility this is installing a back-door remote access trojan to be used later, either for sending spam or for DDOS attacks. We need an anti-virus that finds it, and leaves it there, but modifies it so that all it does is log and report the IP address of anyone attempting to access that back door.
FR does not run on Windows IIS.
NEW YORK (AP) _ A mysterious Internet virus being spread Friday by hundreds and possibly thousands of infected Web sites may be aimed at stealing credit card and other valuable information, security experts warned.
The infection appears to take advantage of three separate flaws with Microsoft Corp. products. Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.
Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn't substantially interfering with Internet traffic. Security experts at Microsoft and elsewhere worked Friday to pin down how the infection spreads across Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites _ called Internet Information Server.
The infection makes subtle changes to the Web site so visitors get a piece of code that's designed to retrieve from a Russian Web site software that records a person's keystrokes and can send data back, experts say. Such software ``Trojan horses'' are routinely used to fish for credit card numbers, bank accounts, passwords and the like.
Now that the code is out, other hackers are likely to adapt it to distribute software for spamming and for launching broad Internet attacks against popular Web sites, said Alfred Huger, senior director of engineering at security company Symantec Corp. ``Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,'' the U.S. Computer Emergency Readiness Team warned in an Internet alert.
Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their anti-virus and firewall programs.
Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft's Internet Explorer browsers to the highest levels. Security experts noted that users can avoid the exploit by using alternative browsers such as Mozilla and Opera. Users could also turn off the ``Javascript'' feature on their Microsoft browsers, though doing so cripple functions on some sites. The infection does not affect Macintosh versions of Internet Explorer.
Wow....thanks for the update..
Update from NYer on today's Internet Virus.....Careful browsing!!!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.