Free Republic

Experts Study Developing Internet Attack [New mysterious, large-scale Microsoft virus attack]
Associated Press | June 24, 2004 | TED BRIDIS

Posted on 06/24/2004 6:43:48 PM PDT by HAL9000

CHICAGO - Government and industry experts warned late Thursday of a mysterious, large-scale Internet attack against thousands of popular Web sites. The virus-like infection tries to implant hacker software onto the computers of all Web site visitors.

Industry experts and the Homeland Security Department were studying the infection to determine how it spreads across Web sites and find adequate defenses against it.

"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the government warned in one Internet alert.

The mysterious infection appeared to target at least one recent version of software by Microsoft Corp. to operate Web sites, called its Internet Information Server, popular among businesses and organizations.

A spokesman for Microsoft declined to comment immediately.

Experts said the attack's effects were unusually broad but weren't substantially interfering with Internet traffic.

"While this is significant, it has no impact on the operation of the Internet," said Marcus Sachs, who helps run the industry's Internet Storm Center in Bethesda, Md.

Experts urgently recommended consumers and corporate employees to update the antivirus software on their computers, since the latest versions can immunize visitors to infected Web sites.

The infected Web sites attempt to implant on visitors' computers hacker software that allows others to use their computers to surreptitiously route Internet spam e-mails.

ON THE NET

U.S. CERT: www.uscert.gov

Storm Center: http://isc.sans.org



TOPICS: News/Current Events; Technical
KEYWORDS: iis; internetexplorer; lowqualitycrap; microsoft; virus; windows; worm

1 posted on 06/24/2004 6:43:49 PM PDT by HAL9000

To: HAL9000

As always, the public presumption is that the main purpose of making individual machines into zombies is SPAM. Either they are being naive to the potential cyberwar possibilities, or simply playing dumb in order to prevent panic and keep the enemy in the dark regarding our awareness of his tactics.


2 posted on 06/24/2004 6:47:49 PM PDT by GOP_1900AD (Stomping on "PC," destroying the Left, and smoking out faux "conservatives" - Right makes right!)

To: HAL9000

Hey, just like Terminator 3.


3 posted on 06/24/2004 6:49:11 PM PDT by HitmanLV (I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.)

To: HAL9000
My first reaction was that this sounds like an urban myth. However, this story is on the LA Times web site, so it's got to be true, right? (More to the point, the LA Times credits the AP for the story, so probably there is a little something to it. But there is something about the wording of the story that gives it a tin hat flavor.)
4 posted on 06/24/2004 6:50:38 PM PDT by Steve Eisenberg

To: HAL9000

I don't know why on earth people don't keep their software updated.


5 posted on 06/24/2004 6:50:55 PM PDT by Cicero (Marcus Tullius)

To: HAL9000

So what is the virus called, and how do we know if we've got it?


6 posted on 06/24/2004 6:52:15 PM PDT by Rokke

To: HAL9000

yeah - a Trojan, worm, nothing new really.

Sounds like a variant of the Code-Red ??? Source: Communist China

This latest one? Probably the same source. Communist China was inundating the US emails for the last several months with an odd looking spam that appeared as coded messages. All they were doing was probing our filtering systems and amassing a huge database of valid emails of people who would help them (aka useful idiots).

When opened, the email message showed a picture that was coded for reference to the email address it was sent to.
When you open an email with a picture, that goes directly back to the source with your tracking information.

They have a valid email address that they know WILL be opened.


7 posted on 06/24/2004 6:52:41 PM PDT by steplock (http://www.gohotsprings.com)

To: steplock

Interesting background info. Thanks.


8 posted on 06/24/2004 6:59:44 PM PDT by DoctorMichael (The Fourth Estate is a Fifth Column!!!!!!!!!!!!!!!!!!!)

To: HAL9000
www.uscert.gov -

IIS 5 Web Server Compromises

added June 24

US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems.

Web server administrators running IIS 5 should verify that there is no unusual JavaScript appended to the bottom of pages delivered by their web server.

This activity is another example of why end users must exercise caution when JavaScript is enabled in their web browser. Disabling JavaScript will prevent this activity from affecting an end-user's system, but may also degrade the appearance and functionality of some web sites that rely upon JavaScript. US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.


9 posted on 06/24/2004 7:02:04 PM PDT by HAL9000
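The check the US-CERT notice above asks web server administrators to make can be scripted. The following is an added example, not part of the thread or the advisory: it inspects a delivered page for script markup after the closing `</html>` tag and, when a known-good copy is available, for anything appended to it. The function names, finding strings and sample pages are assumptions constructed for illustration.

```python
import re

SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)
CLOSE_HTML_RE = re.compile(rb"<\s*/\s*html\s*>", re.IGNORECASE)


def after_closing_html(delivered):
    """Bytes following the last </html> tag (normally only whitespace)."""
    matches = list(CLOSE_HTML_RE.finditer(delivered))
    return delivered[matches[-1].end():].strip() if matches else b""


def appended_tail(known_good, delivered):
    """Bytes added after the known-good content, or None if not a pure append."""
    good = known_good.rstrip()
    return delivered[len(good):].strip() if delivered.startswith(good) else None


def check_page(delivered, known_good=None):
    """Return a list of findings for one page as delivered by the web server."""
    findings = []
    if SCRIPT_RE.search(after_closing_html(delivered)):
        findings.append("script after closing </html>")
    if known_good is not None and delivered.strip() != known_good.strip():
        tail = appended_tail(known_good, delivered)
        if tail is None:
            findings.append("content differs from known-good copy")
        elif SCRIPT_RE.search(tail):
            findings.append("script appended to known-good copy")
        else:
            findings.append("non-script content appended to known-good copy")
    return findings


# Constructed sample pages (not taken from any real site or incident data).
CLEAN = b"<html><body><p>Welcome</p></body></html>\r\n"
APPENDED = CLEAN + b'<script src="http://placeholder.invalid/a.js"></script>\n'
FRAGMENT = b"<p>include fragment</p>\n"
FRAGMENT_APPENDED = FRAGMENT + b"<SCRIPT>/* constructed */</SCRIPT>"

if __name__ == "__main__":
    for name, served, good in [("clean", CLEAN, CLEAN),
                               ("appended", APPENDED, CLEAN),
                               ("fragment", FRAGMENT_APPENDED, FRAGMENT)]:
        print(name, check_page(served, good))
```

The comparison has to be made against the response as fetched from the server, since the advisory describes pages "delivered by" it; a file-level check of the content directory alone may not show the same bytes.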

To: HAL9000; All
Disabling JavaScript will prevent this activity from affecting an end-user's system, but may also degrade the appearance and functionality of some web sites that rely upon JavaScript.

I've had JavaScript disabled for a long time and all I think I've missed out on are a few ads.

10 posted on 06/24/2004 7:07:44 PM PDT by LibertyAndJusticeForAll

To: Cicero

Norton nags until you do.


11 posted on 06/24/2004 7:09:10 PM PDT by Old Professer (Interests in common are commonly abused.)

To: steplock
Source: Communist China

The Internet Storm Center says a computer in Russia is involved. The method used to infect the IIS servers is still unknown after four days, but "the list is long and includes businesses that we presume would normally be keeping their sites fully patched".

12 posted on 06/24/2004 7:10:27 PM PDT by HAL9000

To: LibertyAndJusticeForAll

disable javascript how?


13 posted on 06/24/2004 7:16:57 PM PDT by Principled

To: LibertyAndJusticeForAll
Ok, I'm aware. Now what?

"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the government warned in one Internet alert.

14 posted on 06/24/2004 7:39:20 PM PDT by DManA

To: Principled
I believe that if you are using Internet Explorer, then you would need to disable 'active scripting' in order to disable Javascript (and other scripting). If you do a google search for 'disable active scripting ie' you will probably find a number of articles discussing how to do this.

It generally involves doing something like Tools->Internet Options->Security Tab bar->Custom Level->Disable Active scripting

15 posted on 06/24/2004 8:31:15 PM PDT by The Electrician

To: The Electrician
CNET News has more information - Corporate Web servers infecting visitors' PCs

Excerpts -

This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch.

- snip -

The group also pointed out that the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software. With no patch from Microsoft, that leaves Internet Explorer users vulnerable. A representative of the software giant was not immediately available for comment on when a patch might be available.

- snip -

Meanwhile, the average Internet surfer is left with few options. Windows users could download an alternate browser, such as Mozilla or Opera, and Mac users are not in danger.

NetSec's Houlahan advocated drastic action.

"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.


16 posted on 06/24/2004 8:37:04 PM PDT by HAL9000

To: GOP_1900AD

Spam is the main motive; most spam is sent through these compromised computers (I think that was the purpose of the Sobig and Mydoom viruses). The recent case of the AOL employee shows this; the p*nis pill spammer who turned informant against his fellow gang members had been spamming through hijacked computers.
What I see happening is that spammers (most of them Americans) rent access to zombie networks ("radmins" or remotely administered networks--hackerspeak for blocks of virus-infected machines) or purchase lists of compromised computers from hackers based mostly in Eastern Europe.
However, it need not be spammers renting access to zombie networks. If you were an Islamic jihadist and you wanted to shut down electrical grids or 911 systems in a US city or state, you probably would do so via a DDoS (distributed denial of service) attack on a key point in the network that controls that system. Guess what you need for DDoS attacks: zombie networks.
In fact, extortionists (possibly Russian organized crime) seem to already be using zombie networks for DDoS attacks on online casinos.
Scary stuff. Make sure you keep your computer secure.


17 posted on 06/24/2004 8:46:29 PM PDT by monkeyman81

To: monkeyman81

To add to what I was saying: A lot of critical infrastructure companies used to claim that their networks were not connected to the Internet. Then, during the Superbowl weekend of 2003, the Slammer worm took down a 911 system in Washington state and ATMs throughout the west coast got shut down. Somehow, the worm had gotten through to those people; it got into a network at a nuclear plant in Ohio (I don't recall the details). So there are control points in a lot of critical networks which can be accessed from the Internet if you know what you're doing. Hopefully the hadjis DON'T know what they're doing.


18 posted on 06/24/2004 8:50:35 PM PDT by monkeyman81

To: HAL9000
Excerpt from CNET News.......

http://news.com.com/Corporate+Web+servers+infecting+visitors%27+PCs/2100-7349_3-5247187.html?tag=nefd.top

Meanwhile, the average Internet surfer is left with few options. Windows users could download an alternate browser, such as Mozilla or Opera, and Mac users are not in danger.

NetSec's Houlahan advocated drastic action.

"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.

I don't know, this sounds kinda serious. I installed Mozilla-Firefox. Better safe than sorry. It was quick and painless.

19 posted on 06/25/2004 2:55:37 AM PDT by Musket
