-=PCTechTalk=- Re: CRITICAL INFO-PLEASE READ

  • From: Glen <glbbrown@xxxxxxxxx>
  • To: pctechtalk@xxxxxxxxxxxxx
  • Date: Fri, 25 Jun 2004 17:33:19 -0700 (PDT)

All this was in my earlier email about a Net Virus.

Glen


--- cris <cris@xxxxxxxxxxxxxxxx> wrote:
> Something I just got today from a friend. Does anyone know anything?:
> 
> 
> Web browser flaw prompts warning
>
> you can read about it on Windows Page
>
> http://www.microsoft.com/security/incident/download_ject.mspx
>
> Microsoft has issued advice about the loophole
>
> Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.
>
> The loophole is being exploited to open a backdoor on a PC that could let criminals take control of a machine.
>
> The threat of infection is so high because the code created to exploit the loophole has somehow been placed on many popular websites.
>
> Experts say the list of compromised sites involves banks, auction and price comparison firms and is growing fast.
>
> Serious problem
>
> The net watchdog, the US Computer Emergency Response Center, and the net security monitor, the Internet Storm Center, have both issued warnings about the combined threat of compromised websites and browser loophole.
>
> Cert said: "Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."
>
> In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other then MS Internet Explorer until the current vulnerabilities in MSIE are patched."
> 
> CHECKING FOR INFECTION
>   Click the Start button and then click on Search
>   Make sure you choose the option to look through all files and folders
>   Search for files called Kk32.dll and Surf.dat
>   If infected use up to date anti-virus software to remove the malicious code
>
> So far it is unclear how the malicious code that exploits the weakness in Microsoft's Internet Explorer has been inserted on popular websites.
>
> What is known is that any Windows 2000 Server that does not have the MS04-011 security update installed and is running Internet Information Server could be at risk.
>
> The virulent Sasser worm exploited loopholes closed by this update so many servers are likely to be patched against the problem.
>
> Infected servers are adding a malicious chunk of Javascript to all the web, gif and jpg files served up to anyone browsing the sites they host.
>
> When loading on a browsing PC, this chunk of code might trigger a Windows error message.
>
> Once downloaded the code redirects a browser to a Russian website which tries to install a program that opens a backdoor into the PC.
>
> Some net service firms have started blocking access to this Russian site.
>
> Check for infection
>
> Anti-virus firms are now working on putting detectors for the chunk of code into their scanning software.
>
> A Russian website is spreading the malicious code
>
> Security firm Symantec said the malicious code was not widespread and did little damage.
>
> The reason that the server/browser combination has been created remains a mystery.
>
> Some speculate that it is the work of spammers looking to create yet another network of compliant PCs that can be used as proxies to spread junk mail.
>
> Microsoft has issued advice to consumers and web administrators about dealing with the problem.
>
> Administrators are urged to apply the update that will make them immune to infection.
>
> Home users are being told to update their browser and avoid the threat by turning off Javascript. However, this could mean that some webpages do not display as expected.
>
> Microsoft has also given advice about how people can check if they are infected.
>
> So far the server/browser combination has not been given a single name. In its warning about the problem Microsoft calls it download.ject but others, such as F-Secure, are calling it Scob.
> 
> To unsub or change your email settings:
> //www.freelists.org/webpage/pctechtalk
> 
> To access our Archives:
> http://groups.yahoo.com/group/PCTechTalk/messages/
> //www.freelists.org/archives/pctechtalk/
> 
> For more info:
> //www.freelists.org/cgi-bin/list?list_id=pctechtalk
> 
> 



                