Free Republic

Internet Attack Exploits Microsoft Software Flaws (Internet Explorer vulnerable)
Reuters | Fri Jun 25, 2004 08:25 PM ET | Duncan Martell

Posted on 06/25/2004 10:41:28 PM PDT by Ernest_at_the_Beach


SAN FRANCISCO (Reuters) - A potentially dangerous attack on personal computers by a virus designed to steal financial data and passwords from Web users rippled across the Internet on Friday, computer security experts said.

The attack, which surfaced earlier this week and is known as the "Scob" outbreak, exploits a vulnerability in servers using Microsoft Corp.'s IIS software and has been called more dangerous than the recent "Sasser" and "Blaster" infections.

The infected servers in turn exploit another vulnerability in Microsoft's Internet Explorer browser to install a Trojan Horse virus on the PCs of Web surfers who visit the infected Web sites, said Alfred Huger, senior director of engineering at Internet security company Symantec Corp.

"All of this takes place while it looks like you're viewing the same Web page," Huger said. "You don't even know that parts of your browser have been redirected to another Web site."

The U.S. Computer Emergency Readiness team warned on its Web site that "any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."

The Trojan Horse places a keystroke logger on users' PCs and is designed to capture credit card numbers and passwords and send them back to a server in Russia, said Michael Murray, director of vulnerability and exposure at computer security firm nCircle Network Security.

By late Friday, however, the threat to users' personal data had been diminished, at least for now.

"The server appears to have been shut down in the last eight hours," Murray said. "We don't know if it was shut down by authorities or whether it was accidental."

The attack is more alarming than most because there are no patches available yet from Microsoft to fix the vulnerability in Internet Explorer that lets the hackers take control of computers, security researchers said.

On its Web site, Microsoft said users could search for the files "Kk32.dll" or "Surf.dat" to see if their PCs were infected. The company also suggested users set their browser security level to "high."

Experts also urged computer users to update their anti-virus protection software.

Most anti-virus software has been updated so that it can prevent the Trojan Horse from being installed, but because there is no patch yet available, there's no way to prevent future attacks to install the virus, Huger said.

"The truly alarming part is there is no patch available for that vulnerability," Huger said.



TOPICS: Extended News; Front Page News; News/Current Events; Technical
KEYWORDS: getamac; ieproblems; internetattacks; internetexploiter; lookoutexpress; lowqualitycrap; securityflaw; techindex; trojan; viruses; whoops; windows

1 posted on 06/25/2004 10:41:28 PM PDT by Ernest_at_the_Beach

To: Ernest_at_the_Beach
Duplicate. See Also:
RIP, IE
2 posted on 06/25/2004 10:54:26 PM PDT by Boundless

To: Boundless

Well, let me amend that.
The other thread isn't a duplicate
of the report, but of the story.

Perhaps the key thing here is:
"The truly alarming part is there is no patch
available for that vulnerability,"

Even if you have an AV and a FireWall app (and
I do), because this exploit targeted "trusted"
sites, you may have let configured scripting
guard for reduced security for those sites, and
got hit - if you use MSIE.

Update your AV definitions tonite and run a
full scan.

It would appear that the only solution is to
use another browser, until MS releases more
secure code (or becomes a smaller target for
malware coders).


3 posted on 06/25/2004 11:01:13 PM PDT by Boundless

To: Ernest_at_the_Beach

Norton picks it up as "download.ject" and stops it from scripting, thereby rendering it harmless. I got hit with it twice in the last three days. It attacks only those web servers which have not applied a certain patch to IIS software. If you visit a website hosted on a server without the patch, and Scob has found that server, you're vulnerable to "download.ject" if your anti-virus software has not been updated to stop it from scripting.


4 posted on 06/25/2004 11:01:31 PM PDT by beckett

To: Ernest_at_the_Beach
"Agin'...dang!"
5 posted on 06/25/2004 11:05:51 PM PDT by hummingbird ("If it wasn't for the insomnia, I could have gotten some sleep!")

To: Boundless; ShadowAce; shadowman99

The other thread got moved to the blogger section which isn't as visible.

This is a sourced story so should (I think) stay in the news section which is currently seen by many more folks.

Thanks for putting the Link to that thread since there was a pretty decent discussion on browsers and in particular on Firefox, which I am using at the moment.

Seems to work OK, still need to do more customization of the options.


6 posted on 06/25/2004 11:06:40 PM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: Ernest_at_the_Beach

Attacks like this are the reason you should be using an active firewall. I use a NAT firewall in my router which blocks all normal incoming "probe" type attacks. However, firewalls will typically do nothing to prevent a trojan implant from a site which YOU visit.

A second line of attack is a firewall like ZoneAlarm [It is effective and it is FREE!]. The advantage of ZoneAlarm is that it will block messages being sent FROM your computer by untrusted software. You are forced to authenticate each application on your computer which sends messages.

If a trojan is installed, and if it collects private data, then it should still be blocked when it attempts to send the data back to the collection server.
*****
I keep my machines fairly up to date and my Norton virus protection very up to date. However, I visited a site supposedly selling equipment for the visually impaired. It looked legitimate. However, Norton did sound an alarm that a trojan was detected. Norton did NOT inform me that it had not prevented the infection. I didn't find out about the infection until the next scan two days later.

At the time of the scan, Norton was unable to delete the virus, which was running at the time. I could examine the virus enough to determine that it had been constructed in Russia at a firm started in 1991/2 to "monitor Russian legislation". [sure!]

I hand cleaned up the mess and found two collection files with email addresses that the virus had secreted away on my machine for later mailing.

The files installed, BTW, had randomized names so that searches on the executables did not produce any hits. Norton could not identify the trojan, it simply detected that an unidentified trojan was in operation on my machine.


7 posted on 06/25/2004 11:07:32 PM PDT by the_Watchman

To: Ernest_at_the_Beach

BTTT


8 posted on 06/25/2004 11:09:18 PM PDT by Fiddlstix (This Tagline for sale. (Presented by TagLines R US))

To: beckett

I switched from Norton to VCOM's System Suite and they use Trend's (I think it is) antivirus system.

I am also using the Firefox browser for a while to see if I like it.


9 posted on 06/25/2004 11:12:26 PM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: hummingbird; HAL9000

Check out the link at #2.


10 posted on 06/25/2004 11:13:32 PM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: the_Watchman

I am running VCOM's System Suite 5, which has a firewall that detects in and out.

Seems pretty good.


11 posted on 06/25/2004 11:17:49 PM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: Boundless

I wonder why it didn't bother me?

Oh ya, I'm using Firefox.


12 posted on 06/25/2004 11:26:19 PM PDT by philetus (Keep doing what you always do and you'll keep getting what you always get)

To: Ernest_at_the_Beach
Thanks...I'm a techno-dork so I saved it to my expanding "Computers and IT" favorites; tomorrow, I'll start the coffee and explore. You might get some FREEPMAIL as I wade through all of this! LOL...thanks, again!
13 posted on 06/25/2004 11:27:00 PM PDT by hummingbird ("If it wasn't for the insomnia, I could have gotten some sleep!")

To: Ernest_at_the_Beach

How long has Explorer been out? Seems like the software engineers at Microsoft are complete idiots if they can't put together a program without flaws within 15 years.


14 posted on 06/25/2004 11:29:28 PM PDT by Rudder

To: Ernest_at_the_Beach
I switched from Norton to VCOM's System Suite and they use Trend's (I think it is) antivirus system.

I use VCOM System Suite 5 as well, I think it's great. Yes, VCOM System Suite uses Trend-Micro's virus engine.

15 posted on 06/25/2004 11:52:48 PM PDT by BigSkyFreeper (John Kerry: An old creep, with gray hair, trying to look like he's 30 years old.)

To: BigSkyFreeper

I have been using Powerdesk forever and decided to try the whole suite.


16 posted on 06/25/2004 11:59:54 PM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: Ernest_at_the_Beach

Cool! I actually prefer Powerdesk to Windows Explorer. I had only wished I had stumbled upon Powerdesk ages ago.


17 posted on 06/26/2004 12:02:25 AM PDT by BigSkyFreeper (John Kerry: An old creep, with gray hair, trying to look like he's 30 years old.)

To: hummingbird

ShadowAce is the guy to ask if you have questions on Firefox or Mozilla.

There is also a user forum at the websites for Mozilla and Firefox.


18 posted on 06/26/2004 12:02:41 AM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: BigSkyFreeper

What browser are you running?


19 posted on 06/26/2004 12:04:02 AM PDT by Ernest_at_the_Beach (The terrorists and their supporters declared war on the United States - and war is what they got!!!!)

To: Ernest_at_the_Beach
I had bought VCOM's System Suite because I was getting sick and tired of Norton's products, particularly having to subscribe to anti-virus updates. I really liked the SystemWorks product years ago, but System Suite had everything I wanted, without the need for subscription just to keep the antivirus up-to-date.

I can't find one thing that I don't like about System Suite. It's very powerful, and runs on both my 98 and XP machines.

20 posted on 06/26/2004 12:05:37 AM PDT by BigSkyFreeper (John Kerry: An old creep, with gray hair, trying to look like he's 30 years old.)

