IndiaDivine.org

Internet Explorer Users in Extreme Danger! Hot.


Guest guest

This appears to be legitimate. Let me know what you think!!

Just another reason to switch to Mac.

 

http://news.com.com/Corporate%20Web%20servers%20infecting%20visitors%27%20PCs/2100-7349_3-5247187.html?tag=nefd.top

 

Corporate Web servers infecting visitors' PCs

Last modified: June 24, 2004, 6:35 PM PDT

By Robert Lemos

Staff Writer, CNET News.com

 

 

Security researchers warned Web surfers on Thursday to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.

 

The researchers believe that online organized crime groups are breaking into Web servers, surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.

 

 

 


 

 

The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site.

 

"It is not epidemic, but it is being seen," said Alfred Huger, senior director of engineering for security firm Symantec. "Do we think it is serious? Yeah. It's a concern and it's insidious."

 

The tactic is not new. Earlier this month, an independent security researcher found an aggressive advertising program, known as adware, that installed itself onto a victim's computer via the same two flaws in Internet Explorer. A large financial client called in Symantec in late April after an employee's system had been infected when he used Internet Explorer to browse an infected Web site. Last fall, a similar attack may have been facilitated through a mass intrusion at Interland, said sources familiar with that case.

 

This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major firms, including some banks, said Brent Houlahan, chief technology officer of NetSec.

 

"There's a pretty wide variety," he said. "There are auction sites, price comparison sites, and financial institutions."

 

The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.

 

"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.

 

The group also pointed out that the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software. With no patch from Microsoft, that leaves Internet Explorer users vulnerable. A representative of the software giant was not immediately available for comment on when a patch might be available.

 

Researchers believe that attackers seed the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS). When a victim browses the site, the code redirects them to one of two sites, most often to another server in Russia. That server uses the pair of Microsoft Internet Explorer vulnerabilities to upload and execute a remote access Trojan horse, RAT, to the victim's PC. The software records the victim's keystrokes and opens a backdoor in the system's security to allow the attacker to access the computer.

 

Currently, researchers have two theories as to who is behind the attacks. The Internet Storm Center pointed to the similarities between these attacks and previous virus epidemics aimed at co-opting computers for use in illegal spam networks.

 

"There is quite a bit of evidence that what we are seeing is yet another technique for spreading and installing 'spamware'," the group stated on its site. "We don't see any evidence that this attack is related to the construction of a DDoS (distributed denial of service) network or other type of typical zombie-based attack group."

 

However, Symantec believes that the attacks last fall and in April, which the current one most resembles, were conducted by online organized crime from Russia. The theory is not only supported by the fact that the server storing the malicious code is in Russia, but also by the sophisticated nature of the attacks, Symantec's Huger said.

 

"It's a group of people that have resources to bring to play," he said, adding that the attack programs were not amateur material. "The code wasn't pulled off a Web site; it was custom."

 

Meanwhile, the average Internet surfer is left with few options. Windows users could download an alternate browser, such as Mozilla or Opera, and Mac users are not in danger.

 

NetSec's Houlahan advocated drastic action.

 

"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.

 

 

 

 

 

 
