| A Recall AND a Fundraiser? I'm toast. |
|---|
 |
| Let's get this over with FAST. Please contribute! |
Posted on 10/03/2003 8:30:14 AM PDT by Salo
Trojan uses MS hole to hijack Web browsers Program changes DNS so that requests for popular sites bring visitors to one maintained by hacker instead
By Paul Roberts, IDG News Service October 02, 2003
Computer hackers have found another way to exploit an unpatched hole in Microsoft Corp.'s Internet Explorer Web browser, using a specially designed attack Web site to install a Trojan horse program on vulnerable Windows machines.
The Trojan program changes the DNS (Domain Name System) configuration on the Windows machine so that requests for popular Web search engines like www.google.com and www.altavista.com bring the Web surfer to a Web site maintained by the hackers instead, according to warnings from leading security companies.
The attacks are just the latest in a string of online scams that rely on an easy-to-exploit flaw in IE known as the "ObjectData" vulnerability. Earlier attacks that relied on the vulnerability include a worm that spreads using American Online Inc.'s Instant Messenger network.
Microsoft released a patch for the ObjectData vulnerability, MS03-032, in August. However, even machines that applied that patch are vulnerable to the latest attack because of holes in that security patch, according to a bulletin posted by Network Associates Inc.
The Trojan horse program is called Qhosts-1 and rated a "low" threat, Network Associates (NAI) said. Trojan horse programs do not attempt to find and infect other systems. However, they do give attackers access to a compromised computer, often allowing a remote hacker to control the machine as if he or she were sitting in front of it.
Microsoft issued a statement Thursday saying that it was investigating reports of exploits for a variation on a vulnerability originally patched in Microsoft Security Bulletin MS03-032 and would release a fix for that hole shortly. A company spokesman could not say when the patch update will be released.
The Redmond, Washington, company recommended that customers worried about attacks install the latest Windows updates and change their IE Internet security zone settings to notify the user when suspicious programs are being run.
Qhosts-1 was installed on vulnerable Windows machines using attack code planted in a pop-up ad connected to a Web page set up by the hackers on a free Web hosting site, www.fortunecity.com, NAI said. The DNS servers used in the attack resided on systems owned by Houston, Texas hosting firm Everyone's Internet, according to Richard Smith, an independent computer security consultant in Boston.
Those servers, as well as the fortunecity.com site used to install the Trojan, have been taken offline since the attack caught the attention of security experts. That will stop the DNS hijackings, but will also make it impossible for users on infected computers to browse the Web until their DNS configuration is restored, he said. However, as long as the Microsoft hole remains unpatched, similar attacks could be launched.
To be attacked, Windows machines had to be running Internet Explorer versions 5.01, 5.5 or 6.0, which contain the ObjectData vulnerability, and visit the Web site that launched the pop-up. The pop-up ad exploited the ObjectData vulnerability then downloaded the Qhosts-1 Trojan from a Web site in Seattle, Smith said.
Counterpane Internet Security Inc., of Cupertino, California, said in a statement that it was tracking three possible infections by the Qhosts-1 Trojan on networks that it monitors.
There are still questions about how users were lured to the fortunecity.com site that installed the Trojan, but unsolicited commercial ("spam") e-mail with links to the site was a likely suspect and economic gain was a likely motive, Smith said.
Hackers used the DNS changes to drive Web surfers to a site that launched a variety of pop-up advertisements, resulting in increased Web traffic and advertising revenue for the individuals behind the scheme, he said.
The latest attack is an example of the increasingly sophisticated strategies used by malicious hackers, who adopt the strategies of legitimate online businesses, cobbling together available Web technologies in a "Tinker Toy" fashion to create sophisticated attacks, Smith said.
By relying on a network of sites hosted on free and fee-based Internet hosting sites, hackers also make it more difficult for authorities to follow their tracks. Identity theft frequently plays a role in the latest scams as well. Hackers use stolen credit card information to set up hosting accounts which are then used as part of Internet based attacks, he said.
| A Recall AND a Fundraiser? I'm toast. |
|---|
|
| Let's get this over with FAST. Please contribute! |
A Trojan with a hole was responsible for at least one of my kids.
A Trojan with a hole was responsible for at least one of my kids.
'blows is a total pos.
They must be talking about Verisign. 
**IF** apple - linux - xenix - etc were the MOST POPULAR programs and MS was HARDLY EVER used then you would see all these "flaws" in the other programs/systems
It comes down to this: Microsoft has worked very hard to ensure its monopoly.
The problem is, in the computer world, a monopoly is the equivelent of the Dutch Elm. Does anyone remember Dutch Elms? They were the perfect tree . . did well no matter where they were planted, and they were planted all over cities and suburbs across America.
Then one day Dutch Elm disease came. And since Dutch Elms were everywhere, the disease spread quickly. And since there weren't a lot of trees in many places that weren'tDutch Elms, there were many many towns that suddenly had all their trees die.
Whether Windows is a great or horrid operating system is beyond the point. Hackers want their viruses going everywhere as quickly as possible. Since there is no OS diversity, they can accomplish this easily. Therefore, the Microsoft monopoly is a threat to America's computer infrastructure.
If you had Apple AND Linux AND Xenix all competing as major players as opposed to JUST Microsoft, no one person would be able exploit a "flaw" on so many machines at once.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.