Free Republic
News/Activism

Mysterious Attack Hits Web Servers
The WGALchannel.com | June 25, 2004 | Internet Broadcasting System, API

Posted on 06/25/2004 9:12:00 AM PDT by all4one

Government and industry experts are reporting a mysterious, large-scale Internet attack against thousands of popular Web sites.

The virus-like infection tries to implant hacker software onto the computers of all Web site visitors.

Industry experts and the Homeland Security Department are studying the infection to determine how it spreads across Web sites and find adequate defenses against it.

A government warning says even Web sites trusted by users may contain the potentially malicious code. The infection appears to target at least one recent version of Microsoft's Internet Information Server, which is popular among businesses and organizations.

The United States Computer Emergency Readiness Team says the problem adds a piece of JavaScript to the bottom of Web pages that accesses another server.

US-CERT says disabling JavaScript will prevent this activity from affecting a user's system, but it could make some sites that use JavaScript appear incorrectly. The attack's effects are said to be unusually broad, but are not substantially interfering with Internet traffic.


TOPICS: Business/Economy; Crime/Corruption; Extended News; Government; News/Current Events
KEYWORDS: attack; catholiclist; computer; crime; cyber; cybersecurity; hackers; internet; java; mysterious; server; software; web; websites
Careful surfing everyone....pass this information on.
1 posted on 06/25/2004 9:12:01 AM PDT by all4one

To: all4one

How do we disable java for awhile? My Norton expired yesterday and I am waiting for my new norton to arrive snailmail, so I can't update right now.


2 posted on 06/25/2004 9:16:23 AM PDT by I still care

To: I still care

Go to your Control Panel and choose your Internet Options icon. There should be a file tab labeled "Advanced", click on this tab and then scroll down and hit the check box to disable the Java Script.

If you are working in a corporate environment, check with your IT coordinator.


3 posted on 06/25/2004 9:19:25 AM PDT by all4one (Psalm 27:1-6)

To: all4one

I got hit by "something" yesterday. It was very weird. Don't know if it was connected to the site I was surfing, but it happened when I was sent to an Acrobat Reader site. I sort of "lost control" of the computer for about three minutes, and when I got control back, the computer had reverted to original defaults, and my browser page looks different now. Think I'll go do a virus hunt. Thanks for the heads-up!


4 posted on 06/25/2004 9:19:28 AM PDT by EggsAckley (........"John Kerry changes positions more often than a Nevada prostitute".........)

To: all4one

Anyone seen the addresses they're being directed to? I'd like to blackhole those at the Internet router.


5 posted on 06/25/2004 9:21:19 AM PDT by tacticalogic (I Controlled application of force is the sincerest form of communication.)

To: I still care
Not to be overly picky, but javascript is not actually java. My memory is fuzzy, but javascript is a script language used in web pages with syntax a little like that of java. But java is an entirely different animal.
6 posted on 06/25/2004 9:21:22 AM PDT by stubb

To: EggsAckley
Don't know if it was connected to the site I was surfing, but it happened when I was sent to an Acrobat Reader site.

It might've been innocuous, Eggsie. Were you trying to view a .PDF file at the time? Acrobat will automatically try to update itself if you're using an older version.

7 posted on 06/25/2004 9:22:11 AM PDT by martin_fierro (I transcend you.)

To: all4one

...and I repeat...everyone purchase a second HD - and a copy of 'Ghost'. All this needless fretting....


8 posted on 06/25/2004 9:25:58 AM PDT by TomServo ("I'm so upset that I'll binge on a Saltine.")

To: tacticalogic

The way this article reads, the attachment is a stealth that is not being detected.


9 posted on 06/25/2004 9:26:16 AM PDT by all4one (Psalm 27:1-6)

To: all4one

So that's what's going on. I was a bit suspicious.


10 posted on 06/25/2004 9:31:09 AM PDT by ezoeni

To: all4one

They seem to know it's accessing another server. Gotta be an IP address to go with it.


11 posted on 06/25/2004 9:31:14 AM PDT by tacticalogic (I Controlled application of force is the sincerest form of communication.)

To: I still care

Also Control Panel....Internet Options.....Security tab...Custom Level

For the Active X and Java controls, choose either Disable or Prompt.


12 posted on 06/25/2004 9:35:11 AM PDT by all4one (Psalm 27:1-6)

To: all4one
YIKES! FR falls into the POPULAR website category! Careful all!!
13 posted on 06/25/2004 9:35:32 AM PDT by RoseofTexas

To: tacticalogic

I haven't run across this problem yet, but I have ZoneAlarm which would probably prompt me with the IP address. Without decent virus software, most people would probably never know.


14 posted on 06/25/2004 9:37:30 AM PDT by all4one (Psalm 27:1-6)

To: martin_fierro

I don't really know what was going on. I was searching for sites on log cabin homes, and one that I clicked on sent me into this three-minute "no-zone." I DO recall seeing Acrobat Reader somewhere in the miasma during the stall.


15 posted on 06/25/2004 9:44:06 AM PDT by EggsAckley (........"John Kerry changes positions more often than a Nevada prostitute".........)

To: all4one

I think there's a good probability this is installing a back-door remote access trojan to be used later, either for sending spam or for DDOS attacks. We need an anti-virus that finds it, and leaves it there, but modifies it so that all it does is log and report the IP address of anyone attempting to access that back door.


16 posted on 06/25/2004 9:49:02 AM PDT by tacticalogic (I Controlled application of force is the sincerest form of communication.)

To: RoseofTexas

FR does not run on Windows IIS.


17 posted on 06/25/2004 9:55:19 AM PDT by RedWing9 (No tag here... Just want to stay vague...)

To: all4one; *Catholic_list; american colleen; sinkspur; Lady In Blue; Salvation; Polycarp IV; ...
Just breaking on the AP Wire ...

NEW YORK (AP) - A mysterious Internet virus being spread Friday by hundreds and possibly thousands of infected Web sites may be aimed at stealing credit card and other valuable information, security experts warned.

The infection appears to take advantage of three separate flaws with Microsoft Corp. products. Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.

Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn't substantially interfering with Internet traffic. Security experts at Microsoft and elsewhere worked Friday to pin down how the infection spreads across Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites, called Internet Information Server.

The infection makes subtle changes to the Web site so visitors get a piece of code that's designed to retrieve from a Russian Web site software that records a person's keystrokes and can send data back, experts say. Such software "Trojan horses" are routinely used to fish for credit card numbers, bank accounts, passwords and the like.

Now that the code is out, other hackers are likely to adapt it to distribute software for spamming and for launching broad Internet attacks against popular Web sites, said Alfred Huger, senior director of engineering at security company Symantec Corp. "Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert.

Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their anti-virus and firewall programs.

Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft's Internet Explorer browsers to the highest levels. Security experts noted that users can avoid the exploit by using alternative browsers such as Mozilla and Opera. Users could also turn off the "Javascript" feature on their Microsoft browsers, though doing so cripples functions on some sites. The infection does not affect Macintosh versions of Internet Explorer.

18 posted on 06/25/2004 9:56:26 AM PDT by NYer ("Do not neglect to show hospitality to strangers, for by doing that some have entertained angels.")

To: NYer

Wow....thanks for the update..


19 posted on 06/25/2004 10:00:35 AM PDT by all4one (Psalm 27:1-6)

To: WestCoastGal; Indie; Cindy; JustPiper; milkncookies; Quix; KylaStarr; thecabal; Jill St Claire; ...

Update from NYer on today's Internet Virus.....Careful browsing!!!


20 posted on 06/25/2004 10:04:45 AM PDT by all4one (Psalm 27:1-6)

To: all4one

Thanks for the heads up. I run my settings on high security all the time. Have two firewalls and anti virus.........probably never enough.....and spyhunter as well.

Anything else I should go shopping for?


21 posted on 06/25/2004 10:13:24 AM PDT by WestCoastGal (Freeping & Nascar >>>>>>>>>>>>>>>>>>>>>>>>>>> How Bad Have You Got It????)

To: all4one

Mac OSX and the web browser Safari are not affected by this.
Just sitting back and laughing.


22 posted on 06/25/2004 10:15:39 AM PDT by Wacka

To: WestCoastGal

A Mac?


23 posted on 06/25/2004 10:16:12 AM PDT by Wacka

To: all4one

Thanks for the reminder, all4one...It is a treacherous world here on the global Internet highway.


24 posted on 06/25/2004 10:16:45 AM PDT by Donna Lee Nardo

To: Wacka

"Mac OSX and the web browser Safari are not affected by this.
Just sitting back and laughing."

They still sell those?!

Seriously, why is it that Mac users feel compelled to come across as smug and obnoxious? I can appreciate the technical value of a Mac, but the zealot nature of the users makes me ill.


25 posted on 06/25/2004 10:31:50 AM PDT by brownsfan (Build a man a fire, he'll be warm for a day. Set a man on fire, he'll be warm the rest of his life.)

To: all4one

check back


26 posted on 06/25/2004 10:33:01 AM PDT by mlbford2 (Sorry for spelling errors, I'm a product of a state university)

To: all4one

It came up on the New York Horse Racing homepage the other night on my friend's computer... took him hours to get rid of it.


27 posted on 06/25/2004 10:35:24 AM PDT by My Favorite Headache (Rush 30th Anniversary Tour Tickets On Sale Now!)

To: brownsfan

I agree as well even though I'm on a Mac right now. :o)


28 posted on 06/25/2004 10:37:52 AM PDT by ezoeni

To: TomServo

RE: #8

Good Call.


29 posted on 06/25/2004 10:44:56 AM PDT by 50 Cal

To: all4one

Thanks for the heads up


30 posted on 06/25/2004 10:47:13 AM PDT by freeperfromnj

To: All

Or per this article dump IE

The last sentence is pretty amusing.

http://news.com.com/Researchers+warn+of+infectious+Web+sites/2100-7349_3-5247187.html?tag=nefd.lede



This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.

Meanwhile, the average Internet surfer is left with few options. Windows users could download an alternate browser, such as Mozilla or Opera, and Mac users are not in danger.

NetSec's Houlahan advocated drastic action.

"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.


31 posted on 06/25/2004 10:51:39 AM PDT by mpreston

To: 50 Cal

lol - thanks. It's really just common sense. Easy, cheap, relatively painless. I could get everything thrown at me and in 15 minutes have a clean install.


32 posted on 06/25/2004 10:53:15 AM PDT by TomServo ("I'm so upset that I'll binge on a Saltine.")

To: TomServo

I'm not questioning your suggestion, just asking an honest (somewhat computer ignorant) question. If you only have a laptop what good will a second hard drive do?


33 posted on 06/25/2004 11:13:51 AM PDT by Oorang ( Those who trade liberty for security have neither)

To: all4one

Many thanks for the ping a4o


34 posted on 06/25/2004 11:18:52 AM PDT by Oorang ( Those who trade liberty for security have neither)

To: Oorang
You don't necessarily have to copy the image to HD, it'll also burn to a CD and span the CD's, too. I also use a second drive to store my files/docs on. Those aren't imaged. And I'll bet you can purchase an external USB drive for your laptop. Now that could be pricey.
35 posted on 06/25/2004 11:22:25 AM PDT by TomServo ("I'm so upset that I'll binge on a Saltine.")

To: TomServo
Thanks. Interesting timing. My hard drive died a couple of weeks ago. Older laptop, no read/write CD. Quote from local computer shop to recover all data from the hard drive - $1500.00 !!! Think I'll pass. New laptop has read/write CD so I can back up all data.

span the CD's
What does that mean?

Regarding your saltine binges, have you tried the new cheddar cheese saltines? Might up the quality of your binges :-)

36 posted on 06/25/2004 11:42:38 AM PDT by Oorang ( Those who trade liberty for security have neither)

To: brownsfan

The PC people always say that the reason they buy them is that PCs are cheaper. But then they write they have to buy Norton, Zone Alarm, download Spybot, AdAware, etc, etc, and have to spend so much time updating all these. In the long run, it comes out about the same $. And us Maccies don't have the aggravation of fighting all those viruses.


37 posted on 06/25/2004 12:07:45 PM PDT by Wacka

To: WestCoastGal
Anything else I should go shopping for?

A cruise missile that can do a traceroute would be nice.

38 posted on 06/25/2004 12:21:15 PM PDT by tacticalogic (I Controlled application of force is the sincerest form of communication.)

To: Wacka

"And us Maccies "

Yeah, but with that attitude, I'd guess that you "Maccies" are the same kids I used to beat up in school.

Enjoy your computing experience, educate those that need it and WANT it. But, drop the attitude. I know people who wouldn't consider a Mac purely because of the attitude of Mac users. It helps to have a user base, look at the shareware. Not to mention, Linux runs on Intel, and I know Mac OS X is BSD based, but how many Linux distros support Mac?


39 posted on 06/25/2004 1:00:13 PM PDT by brownsfan (Build a man a fire, he'll be warm for a day. Set a man on fire, he'll be warm the rest of his life.)

To: all4one

What's so mysterious about another Windows flaw?


40 posted on 06/25/2004 1:02:10 PM PDT by Redcloak (My tagline reminds John Kerry of Vietnam. Did you know that John Kerry was in Vietnam?)

To: Oorang

Spanning the CD's simply means that the image will burn to multiple CD's. And I promise - It'll take multiple CD's. In addition to keeping my data on a separate drive - I also burn my files to DVD's, Just in case the HD's fail.


41 posted on 06/25/2004 1:33:11 PM PDT by TomServo ("I'm so upset that I'll binge on a Saltine.")

To: tacticalogic

It's Russian stuff.

Go to: www.incidents.org, which is a neat little website that I've bookmarked, run by IS pros for the benefit of IS administrators.

You may have to scroll through a bit of stuff. The memos/updates of 6/24 were quite informative.

Although they published the 'go-to-' numbers (217 prefixes) they STRONGLY advised that one should play carefully...


42 posted on 06/25/2004 2:08:37 PM PDT by ninenot (Minister of Membership, TomasTorquemadaGentlemen'sClub)

To: ninenot

Thanks. I'd read it was a Russian network, but hadn't seen a specific IP or range.


43 posted on 06/25/2004 2:16:00 PM PDT by tacticalogic (I Controlled application of force is the sincerest form of communication.)

To: ninenot

Looks like they've located and shut down the Russian server, so the current attack is pretty well disabled. All that's left now is the cleanup.


44 posted on 06/25/2004 2:44:22 PM PDT by tacticalogic (I Controlled application of force is the sincerest form of communication.)

To: all4one

Thanks for the update all4one.


45 posted on 06/25/2004 3:17:45 PM PDT by milkncookies (There is in all of us a strong disposition to believe that anything lawful is also legitimate.)