All this was in my earlier email about a Net Virus. Glen --- cris <cris@xxxxxxxxxxxxxxxx> wrote: > Something I just got today from a friend. Does > anyone know anything?: > > > Web browser flaw prompts warning > > you can read about it on Windows Page > > > http://www.microsoft.com/security/incident/download_ject.mspx > > > Microsoft has issued advice about the > loophole > Users are being told to avoid using Internet > Explorer until Microsoft > patches a serious security hole in it. > The loophole is being exploited to open a > backdoor on a PC that could > let criminals take control of a machine. > > The threat of infection is so high because the > code created to exploit > the loophole has somehow been placed on many popular > websites. > > Experts say the list of compromised sites > involves banks, auction and > price comparison firms and is growing fast. > > Serious problem > > The net watchdog, the US Computer Emergency > Reponse Center, and the > net security monitor, the Internet Storm Center, > have both issued warnings > about the combined threat of compromised websites > and browser loophole. > > Cert said: "Users should be aware that any > website, even those that > may be trusted by the user, may be affected by this > activity and thus > contain potentially malicious code." > > In its round-up of the threat the Internet > Storm Center bluntly stated > that users should if possible "use a browser other > then MS Internet Explorer > until the current vulnerabilities in MSIE are > patched." > > CHECKING FOR INFECTION > Click the Start button and then click on > Search > Make sure you choose the option to look > through all files and > folders > Search for files called Kk32.dll and > Surf.dat > If infected use up to date anti-virus > software to remove the > malicious code > So far it is unclear how the malicious code > that exploits the weakness > in Microsoft's Internet Explorer has been inserted > on popular websites. > > What is known that any Windows 2000 Server > that does not have the > MS04-011 security update installed and is running > Internet Information > Server could be at risk. > > The virulent Sasser worm exploited loopholes > closed by this update so > many servers are likely to be patched against the > problem. > > Infected servers are adding a malicious chunk > of Javascript to all the > web, gif and jpg files served up to anyone browsing > the sites they host. > > When loading on a browsing PC, this chunk of > code might trigger a > Windows error message. > > Once downloaded the code redirects a browser > to a Russian website > which tries to install a program that opens a > backdoor into the PC. > > Some net service firms have started blocking > access to this Russian > site. > > Check for infection > > Anti-virus firms are now working on putting > detectors for the chunk of > code in to their scanning software. > > > A Russian website is spreading the > malicious code > Security firm Symantec said the malicious code > was not widespread and > did little damage. > > The reason that the server/browser combination > has been created > remains a mystery. > > Some speculate that it is the work of spammers > looking to create yet > another network of compliant PCs that can be used as > proxies to spread junk > mail. > > Microsoft has issued advice to consumers and > web administrators about > dealing with the problem. > > Administrators are urged to apply the update > that will make them > immune to infection. > > Home users are being told to update their > browser and avoid the threat > by turning off Javascript. However, this could mean > that some webpages do > not display as expected. > > Microsoft has also given advice about how > people can check if they are > infected. > > So far the server/browser combination has not > been given a single > name. In its warning about the problem Microsoft > calls it download.ject but > others, such as F-Secure, are calling it Scob. > > > To unsub or change your email settings: > //www.freelists.org/webpage/pctechtalk > > To access our Archives: > http://groups.yahoo.com/group/PCTechTalk/messages/ > //www.freelists.org/archives/pctechtalk/ > > For more info: > //www.freelists.org/cgi-bin/list?list_id=pctechtalk > > __________________________________ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk