There's some new Internet worm/virus spreading around that exploits a few different holes in Microsoft software at the same time.
Web infection may be aimed at stealing financial data
The infection appears to take advantage of three separate flaws with Microsoft Corp. products. Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.
"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert.
Infectious Web sites attack through Microsoft browser
"The attacker uploaded a small file with (JavaScript) to infected web sites, and altered the web server configuration to append the script to all files served by the web server," according to an explanation posted by the Internet Storm Center in Bethesda, Md.
The JavaScript instructs the user's browser to download and install various malicious programs from a Russian Web site, including a keystroke logger and other software that could give hackers unauthorized access to an infected computer.
"No warning will be displayed," the explanation emphasized. "The user does not have to click on any links. Just visiting an infected site will trigger the exploit."
Experts said the attack's effects were unusually broad but weren't substantially interfering with Internet traffic.
So, it exploits holes in IIS that cause it to append some JavaScript to all pages served, which then exploits holes in Internet Explorer to install keyloggers and whatever else. Pretty impressive, actually.
This is an example of why I recommend that no one ever use Internet Explorer, ever, for security reasons.
Security experts noted that users can avoid the exploit by using alternative browsers such as Mozilla and Opera. Users could also turn off the "Javascript" feature on their Microsoft browsers, though doing so cripples functions on some sites.
And, of course, the Macintosh is safe:
The infection does not affect Macintosh versions of Internet Explorer.
Update: More at Slashdot, via Julian
Update: As I expected he would, Kayode has a whole bunch more.
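The Internet Storm Center explanation quoted above says the altered server configuration appends the script to every file served, so a site operator can spot it by comparing what is on disk with what the server actually returns. The Python example below is an addition, not part of the original post or of any vendor tool; the function names, the sample files and the placeholder footer are constructed for illustration, and it assumes static files served without compression.

```python
"""Detect a footer appended to every response by a tampered web server."""
import urllib.request
from pathlib import Path

def collect(docroot, base_url, rel_paths):
    """Pair each static file's on-disk bytes with the bytes the server returns.
    Assumes static files and an uncompressed response body."""
    samples = {}
    for rel in rel_paths:
        disk = (Path(docroot) / rel).read_bytes()
        req = urllib.request.Request(f"{base_url}/{rel}",
                                     headers={"Accept-Encoding": "identity"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            samples[rel] = (disk, resp.read())
    return samples

def audit(samples):
    """Report bytes the server adds after the real end of each file."""
    trailers, altered = {}, []
    for rel, (disk, served) in samples.items():
        if served.startswith(disk):
            trailers[rel] = served[len(disk):]
        else:
            altered.append(rel)      # body differs before the end of the file
    distinct = set(trailers.values())
    # Identical extra bytes on every file point at a server-wide footer,
    # especially when they also trail non-HTML files such as images.
    shared = distinct.pop() if len(distinct) == 1 else b""
    return {
        "shared_trailer": shared,
        "has_script": b"<script" in shared.lower(),
        "appended": sorted(r for r, t in trailers.items() if t),
        "altered": sorted(altered),
    }

# Constructed sample data: three static files and a placeholder footer (not a real indicator).
FOOTER = b"\n<script>/* constructed placeholder */</script>"
DISK = {
    "index.html": b"<html><body>Welcome</body></html>",
    "style.css": b"body { margin: 0 }",
    "logo.gif": b"GIF89a\x01\x00\x01\x00",
}
TAMPERED = {rel: (data, data + FOOTER) for rel, data in DISK.items()}
CLEAN = {rel: (data, data) for rel, data in DISK.items()}

if __name__ == "__main__":
    print(audit(TAMPERED))
    print(audit(CLEAN))
```

On a live server, `audit(collect(docroot, base_url, paths))` runs the same comparison against real files; a non-empty `shared_trailer` means the server is adding content that is not in the document root.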
OK. Now you have beaten me. But I am not the kind of guy to worry about viruses. And I take some very cautious measures. And I use Internet cafes.
Live on, Mozilla. But live on longer, Internet Explorer.