-=PCTechTalk=- Re: CRITICAL INFO-PLEASE READ

  • From: "cris" <cris@xxxxxxxxxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Fri, 25 Jun 2004 19:31:19 -0400

I have the April 16th patch - 835732 on my system -
cris
----- Original Message ----- 
From: milady
To: pctechtalk@xxxxxxxxxxxxx
Sent: Friday, June 25, 2004 6:51 PM
Subject: -=PCTechTalk=- Re: CRITICAL INFO-PLEASE READ


Might go check in your control panel add/remove...I have the number for this
showing as there.
----- Original Message ----- 
From: cris
To: PCTechTalk
Sent: Friday, June 25, 2004 3:38 PM
Subject: -=PCTechTalk=- CRITICAL INFO-PLEASE READ

Something I just got today from a friend. Does anyone know anything?:


      Web browser flaw prompts warning

      you can read about it on Windows Page

      http://www.microsoft.com/security/incident/download_ject.mspx


            Microsoft has issued advice about the loophole

      Users are being told to avoid using Internet Explorer until Microsoft
patches a serious security hole in it.
      The loophole is being exploited to open a backdoor on a PC that could
let criminals take control of a machine.

      The threat of infection is so high because the code created to exploit
the loophole has somehow been placed on many popular websites.

      Experts say the list of compromised sites involves banks, auction and
price comparison firms and is growing fast.

      Serious problem

      The net watchdog, the US Computer Emergency Response Center, and the
net security monitor, the Internet Storm Center, have both issued warnings
about the combined threat of compromised websites and browser loophole.

      Cert said: "Users should be aware that any website, even those that
may be trusted by the user, may be affected by this activity and thus
contain potentially malicious code."

      In its round-up of the threat the Internet Storm Center bluntly stated
that users should if possible "use a browser other than MS Internet Explorer
until the current vulnerabilities in MSIE are patched."

           CHECKING FOR INFECTION
            Click the Start button and then click on Search
            Make sure you choose the option to look through all files and folders
            Search for files called Kk32.dll and Surf.dat
            If infected use up to date anti-virus software to remove the malicious code

      So far it is unclear how the malicious code that exploits the weakness
in Microsoft's Internet Explorer has been inserted on popular websites.

      What is known is that any Windows 2000 Server that does not have the
MS04-011 security update installed and is running Internet Information
Server could be at risk.

      The virulent Sasser worm exploited loopholes closed by this update so
many servers are likely to be patched against the problem.

      Infected servers are adding a malicious chunk of Javascript to all the
web, gif and jpg files served up to anyone browsing the sites they host.

      When loading on a browsing PC, this chunk of code might trigger a
Windows error message.

      Once downloaded the code redirects a browser to a Russian website
which tries to install a program that opens a backdoor into the PC.

      Some net service firms have started blocking access to this Russian
site.

      Check for infection

      Anti-virus firms are now working on putting detectors for the chunk of
code into their scanning software.


            A Russian website is spreading the malicious code

      Security firm Symantec said the malicious code was not widespread and
did little damage.

      The reason that the server/browser combination has been created
remains a mystery.

      Some speculate that it is the work of spammers looking to create yet
another network of compliant PCs that can be used as proxies to spread junk
mail.

      Microsoft has issued advice to consumers and web administrators about
dealing with the problem.

      Administrators are urged to apply the update that will make them
immune to infection.

      Home users are being told to update their browser and avoid the threat
by turning off Javascript. However, this could mean that some webpages do
not display as expected.

      Microsoft has also given advice about how people can check if they are
infected.

      So far the server/browser combination has not been given a single
name. In its warning about the problem Microsoft calls it download.ject but
others, such as F-Secure, are calling it Scob.


To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
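
The file search from the "CHECKING FOR INFECTION" steps in the forwarded article, written as a script. This is an added example, not part of the original posts; the function names are hypothetical, and the directory tree it scans is constructed inside a temporary folder so it runs anywhere.

```python
import os
import tempfile

# File names the forwarded article says to search for.
INDICATOR_NAMES = {"kk32.dll", "surf.dat"}


def find_indicator_files(root, names=INDICATOR_NAMES):
    """Walk `root` and return (sorted matching paths, unreadable directories).

    Names are compared case-insensitively, as Windows does, and must match
    the whole file name. Directories that cannot be read are recorded
    instead of aborting the scan, so a partial scan is visible as such.
    """
    wanted = {n.lower() for n in names}
    hits, unreadable = [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirnames, filenames in os.walk(root, onerror=on_error):
        for name in filenames:
            if name.lower() in wanted:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits), unreadable


def demo():
    """Scan a constructed tree: two indicator names, two look-alikes."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sys32)
        for name in ("KK32.DLL", "surf.dat", "kernel32.dll", "surf.dat.bak"):
            with open(os.path.join(sys32, name), "wb") as fh:
                fh.write(b"constructed sample, not malware")
        hits, unreadable = find_indicator_files(root)
        return [os.path.basename(p) for p in hits], unreadable


if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the drive root (for example `C:\`) to `find_indicator_files`; a name match is only a lead to confirm with up-to-date anti-virus software, as the article says.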
