Friday, June 25, 2004

What You Should Know About Download.Ject - "Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code."
2:20:05 PM    

Major Internet Attack Under Way. Security experts say Russian hackers are using a sophisticated attack to compromise major E-commerce Web sites, which then infect visitors with hacker tools designed to steal passwords and financial data, and possibly spew spam. [InternetWeek]
2:02:55 PM    

BBC: "Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it. ...the list of compromised sites involves banks, auction and price comparison firms and is growing fast." [Scripting News]
2:02:16 PM    

MS issues warning on Web attacks, pushes XP SP2 beta. Microsoft Corp. acknowledged Thursday that Internet Information Server (IIS), a component of the Windows 2000 Server, and holes in the Internet Explorer Web browser are being used in widespread attacks that are compromising Web pages and using them as launching pads for malicious computer code. [InfoWorld: Top News]
1:48:32 PM    

25 Jun JS/Scob-A JS/Scob-A is a Java script trojan that is reported to be appended to HTML files on IIS machines.   JS/Scob-A downloads a file from a Russian website, this website is no longer accessible.  [Latest virus alerts from Sophos]
12:43:59 PM    

US-CERT Current Activity:"US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems."
12:41:05 PM    

WWW.Danger.Net (washingtonpost.com). washingtonpost.com - It looks like the Internet is turning into a world wide minefield this morning. [Yahoo! News - Technology]
10:59:20 AM    

 
Teknoids Security

Infoworld is reporting this morning that a new web attack is under away, infecting major websites and downloading malware onto unsuspecting browsers.  The article inscludes this quote: "Security experts have said that the attack only affects users of certain versions of Microsoft Corp.'s Internet Explorer browser. Additionally, Cluley said that it appears that the threat only affects Web servers running Microsoft IIS 5 (Internet Information Services) Web Server software and not Microsoft IIS 6, which comes with Windows 2003 Server. "

According to the article major, but unnamed, websites have been hacked and are downloading a trojan to browsing visitors.  The trojan includes a keystroke logger that captures info input, including financial data, from the keyboard and sends it to the hacker's websites.

More information:


9:25:24 AM