The Lowland Clans
26-06-2004, 18:11
That's right folks, the sh*t has hit the fan.
The virus is a Keystroke recorder that allows the hackers to see you social security numers, credit card numers, etc etc. ad infinitum.
It actually first infects remote web servers, so that when you simply visit the sites with a browser, it then downloads itself to your machine and does its’ stuff. There is reason to believe that even patched web servers are vulnerable
The article about the virus is here:
Virus Designed to Steal Windows Users' Data
Hundreds of Web Sites Targeted
A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.
Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.
Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.
Government officials would not identify the infected sites; computer security vendors said many have taken steps to fix the problem. In addition, most large Internet service providers have stopped forwarding Web traffic to the Russian Web site that apparently hosts the software that records what is typed, minimizing the theft of data, officials said.
Among the several Web sites hit by the virus, dubbed "js.scob.trojan" by one antivirus vendor, were the Web sites of the Kelley Blue Book automobile pricing guide and MinervaHealth Inc., a Jackson, Wyo., company that provides online financial services for hospitals and health care businesses.
Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelly Blue Book removed the malicious code from its site by late Thursday afternoon.
Jennifer Scharff, vice president of marketing for MinervaHealth, said some of the company's clients reported the problem on Thursday. The company has since fixed its site, she said. Scharff said no more than 50 visitors browsed the Web site during the time it was serving up the hostile code.
Stephen Toulouse, a security program manager at Microsoft, said the company does not believe the attack is widespread. "Nonetheless, we view this as a very real threat, with serious significance in terms of the potential impact on our customers," he said.
Toulouse said the company is gathering information on the attack and will hand it over to the FBI.
FBI spokesman Joe Parris declined to say whether the FBI is investigating the attack. "These types of Trojan horse attacks are not that uncommon, and we work closely with Microsoft in investigating matters of this type and always follow up on any information provided by industry," he said.
Security experts said the attack represents the latest variation on "phishing" scams, a form of fraud designed to trick people into giving personal data to criminals who have designed Web sites to look like those of respectable companies.
Ken Dunham, malicious code manager for iDefense Inc., a Reston-based computer security company, said he expects this kind of attack to become more widespread in coming weeks and months.
"These guys have the tools, techniques and motivation to launch highly sophisticated attacks that are very difficult for consumers to protect themselves against," he said. "Whoever is responsible has just seen how well this attack works, and other [hacker groups] are almost surely going to take notice."
Computers experts urged Internet users to install firewalls and antivirus software and to download the latest updates. A CERT alert said Explorer users also can protect themselves by turning off the JavaScript function in their browsers. That change, however, can impair Internet browsing since JavaScript is a programming language used to add interactive functions to many Web sites.
The attack takes advantage of several recently discovered security flaws in Microsoft's Internet browser and Internet Information Services Web software. Microsoft released a patch in April to fix one security hole in its Internet browser; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.
CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions.
The virus is a Keystroke recorder that allows the hackers to see you social security numers, credit card numers, etc etc. ad infinitum.
It actually first infects remote web servers, so that when you simply visit the sites with a browser, it then downloads itself to your machine and does its’ stuff. There is reason to believe that even patched web servers are vulnerable
The article about the virus is here:
Virus Designed to Steal Windows Users' Data
Hundreds of Web Sites Targeted
A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.
Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.
Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.
Government officials would not identify the infected sites; computer security vendors said many have taken steps to fix the problem. In addition, most large Internet service providers have stopped forwarding Web traffic to the Russian Web site that apparently hosts the software that records what is typed, minimizing the theft of data, officials said.
Among the several Web sites hit by the virus, dubbed "js.scob.trojan" by one antivirus vendor, were the Web sites of the Kelley Blue Book automobile pricing guide and MinervaHealth Inc., a Jackson, Wyo., company that provides online financial services for hospitals and health care businesses.
Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelly Blue Book removed the malicious code from its site by late Thursday afternoon.
Jennifer Scharff, vice president of marketing for MinervaHealth, said some of the company's clients reported the problem on Thursday. The company has since fixed its site, she said. Scharff said no more than 50 visitors browsed the Web site during the time it was serving up the hostile code.
Stephen Toulouse, a security program manager at Microsoft, said the company does not believe the attack is widespread. "Nonetheless, we view this as a very real threat, with serious significance in terms of the potential impact on our customers," he said.
Toulouse said the company is gathering information on the attack and will hand it over to the FBI.
FBI spokesman Joe Parris declined to say whether the FBI is investigating the attack. "These types of Trojan horse attacks are not that uncommon, and we work closely with Microsoft in investigating matters of this type and always follow up on any information provided by industry," he said.
Security experts said the attack represents the latest variation on "phishing" scams, a form of fraud designed to trick people into giving personal data to criminals who have designed Web sites to look like those of respectable companies.
Ken Dunham, malicious code manager for iDefense Inc., a Reston-based computer security company, said he expects this kind of attack to become more widespread in coming weeks and months.
"These guys have the tools, techniques and motivation to launch highly sophisticated attacks that are very difficult for consumers to protect themselves against," he said. "Whoever is responsible has just seen how well this attack works, and other [hacker groups] are almost surely going to take notice."
Computers experts urged Internet users to install firewalls and antivirus software and to download the latest updates. A CERT alert said Explorer users also can protect themselves by turning off the JavaScript function in their browsers. That change, however, can impair Internet browsing since JavaScript is a programming language used to add interactive functions to many Web sites.
The attack takes advantage of several recently discovered security flaws in Microsoft's Internet browser and Internet Information Services Web software. Microsoft released a patch in April to fix one security hole in its Internet browser; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.
CERT recommends that Explorer users consider other browsers that are not affected by the attack, such as Mozilla, Mozilla Firefox, Netscape and Opera. Mac, Linux and other non-Windows operating systems are immune from this attack. For people who continue to use the Internet Explorer, CERT and Microsoft recommend setting the browser's security settings to "high," but that can impair some browsing functions.