Internet Attack Exploits Microsoft Software Flaws ( Internet Explorer vulnerable )

Reuters ^ | Fri Jun 25, 2004 08:25 PM ET | Duncan Martell

[Ernest_at_the_Beach]

Internet Attack Exploits Microsoft Software Flaws Fri Jun 25, 2004 08:25 PM ET By Duncan Martell SAN FRANCISCO (Reuters) - A potentially dangerous attack on personal computers by a virus designed to steal financial data and passwords from Web users rippled across the Internet on Friday, computer security experts said. The attack, which surfaced earlier this week and is known as the "Scob" outbreak, exploits a vulnerability in servers using Microsoft Corp.'s IIS software and has been called more dangerous than the recent "Sasser" and "Blaster" infections. The infected servers in turn exploit another vulnerability in Microsoft's Internet Explorer browser to install a Trojan Horse virus on the PCs of Web surfers who visit the infected Web sites, said Alfred Huger, senior director of engineering at Internet security company Symantec Corp. "All of this takes place while it looks like you're viewing the same Web page," Huger said. "You don't even know that parts of your browser have been redirected to another Web site." The U.S. Computer Emergency Readiness team warned on its Web site that "any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code." The Trojan Horse places a keystroke logger on users' PCs and is designed to capture credit card numbers and passwords and send them back to a server in Russia, said Michael Murray, director of vulnerability and exposure at computer security firm nCircle Network Security. By late Friday, however, the threat to users' personal data has been diminished, at least for now. "The server appears to have been shut down in the last eight hours," Murray said. "We don't know if it was shut down by authorities or whether it was accidental." The attack is more alarming than most because there are no patches available yet from Microsoft to fix the vulnerability in Internet Explorer that lets the hackers take control of computers, security researchers said. On its Web site, Microsoft said users could search for the files "Kk32.dll" or "Surf.dat" to see if their PCs were infected. The company also suggested users set their browser security level to "high." Experts also urged computer users to update their anti-virus software protection software Most anti-virus software has been updated so that it can prevent the Trojan Horse from being installed, but because there is no patch yet available, there's no way to prevent future attacks to install the virus, Huger said. "The truly alarming part is there is no patch available for that vulnerability," Huger said.

[BigSkyFreeper]

What browser are you running?Firefox on both the desktop (98 machine) and the laptop (XP machine).

[Ernest_at_the_Beach]

Same complaints about Norton, plus it was always taking over the whole machine it seemed like.

CNET Article on the virus here:

Researchers warn of infectious Web sites

[BigSkyFreeper]

Same complaints about Norton, plus it was always taking over the whole machine it seemed like.

Exactly! When you uninstall it, it wouldn't uninstall everything properly and would give you a list of "cannot find *.exe file" error screens at bootup.

I laughed one time when I was fixing these errors on a computer network at the local insurance agent, and installed Mcafee and that installation package came up with an error box that said "we've detected stray files from Norton Anti-Virus exists on your computer, would you like us to get rid of these files?" and I clicked yes, and McAfee cleaned up Norton and successfully installed itself.

[greasepaint]

Everyone should keep in mind that these vulnerabilities
are designed in, so that Gates and his Hollywood buddies
can spy on you. Over time, these situations can
be exploited by others.

[Ernest_at_the_Beach]

ROFL!

Symantec just picked up Powerquest so now I may need to look for a replacement for Partition Magic.

Although disks have really gotten inexpensive so not such a big deal now.

[BigSkyFreeper]

Although disks have really gotten inexpensive so not such a big deal now.

True. I'm going to get a second hard drive and the one I have now will be used as a backup drive.

[Ernest_at_the_Beach]

Well this little virus thingie may just get me to move over to Linux, since the browser is the big issue and Firefox seems to be working well for most of what I do, and it will run on Linux.

[Ernest_at_the_Beach]

I have a bunch of storage.

[hummingbird]

"Okily, dokily, neighbor." (Ned Flanders voice off)

Thanks for pointing me in the right direction!

[Future Useless Eater]

On Friday SEVERAL security experts were recommending people abandon MS Internet Explorer, and most recommended Mozilla/Firefox.

...security officials are still piecing together how Microsoft's Internet Information Services (IIS) servers -- widely used to host popular Internet sites -- became infected, passing the virus-like code onto other Web sites and Internet Explorer browsers.

"Fully patched Explorer users are attacked at will, silently," Dunham said, adding that the effort appears to originate from a Russian group of "hackers for hire" who have a history of developing Trojans or malicious code that can steal credit card data and similar information that would later be sold for profit.

Dunham [with the Internet Storm Center, added] that "Internet Explorer users should consider an alternative browser, at least temporarily.
Mysterious New Threat Secretly Plagues Internet

Good advice from the experts...


And even if you are using Compuserve, AOL, or Earthlink etc, from some CD that was sent to you, it MIGHT actually be Internet Explorer with a different 'face' added to it.

I recommend users do NOT install OPERA as an alternative to IE at this time, since that appears to be a SPINOFF from IE. Note a sampling of the HTTP headers from Opera users all say they are compatible with various releases of MSIE (Internet Explorer), so they therefore are ALSO most likely corruptible by these Russian worms/trojans.

(compatible; MSIE 6.0; Windows NT 5.1) Opera 7.11
(compatible; MSIE 6.0; Windows NT 5.1) Opera 7.23
(compatible; MSIE 6.0; Windows NT 5.0) Opera 7.50
(compatible; MSIE 5.0; Windows XP) Opera 6.05
(compatible; MSIE 6.0; Windows 98) Opera 7.20
(compatible; MSIE 6.0; Windows 98) Opera 7.22

...here's AOL 9.0. Note it IS Internet Explorer, renamed and customized
(compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; .NET CLR 1.1.4322)"

...by comparison, spinoffs from Netscape do NOT say "compatible; MSIE" in them...
(Windows; U; Win98; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01"
(Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
(Windows; U; Windows NT 5.0; en-US; rv:1.7b) Gecko/20040316"

Most people using Compuserve, AOL, or Earthlink etc, or ANYTHING that came from your ISP can still LOG-IN with THAT software, THEN MINIMIZE it, and then use Firefox.

[Future Useless Eater]

from another thread...

We need a list from the Tech types, which browser will I be able to keep the longest, before the next mass infection, and while we are at it... email (simple please) I am changing both tomorrow, to what I don't know.

Well its hard to beat Firefox for features or security. I believe Microsoft refused to cooperate with the standards committee that developed javascript, so MS came out instead, with its own lousy javascript version that had lots of extra hooks and bugs and vulnerabilaties.

For all of us home users who are stuck with the Redmond operating system, I'd recommend trying to get ALL other software from SOMEWHERE ELSE for safety, NOT from microsoft.

I like the site nonags.com for very good open sourced software. These people for the most part ONLY recommend, test, and rank free software that does NOT NAG you for money to upgrade to a 'better version'.

If you need anything more commercial than that, I'd say the non-MS versions of software will be as good or better, and less virus-prone, than MS versions.

martin_fierro also had a good list of software for PC protection (except for the part about Opera).

Whichever email system you use.. BE SURE to turn OFF the reading of mail in HTML MODE. Read all messages in 'TEXT ONLY' mode or else you can be infecting your system JUST by reading a message (even without opening attachments).

Another reason to not allow HTML mode in your email reader, is that built-in images in the message (sometimes they're even invisible) will confirm to spammers that your email address is valid.

[Brad’s Gramma]

BTTT for later.

[mass55th]

Thanks, but I use Apple products only. Safari is my browser. Microsoft is a dirty word in this house.

[MEG33]

Thanks, beckett...I am a computer dunce and don't know how to look for this invasion, but I do have Norton on auto update...Norton has never found a virus when it scans my files.

[firewalk]

Thank you

[Mo1]

Well I don't what was causing problems on my computer this week

But I did want to beat the heck out of it with a baseball bat

[Allan]

Ping

[Ernest_at_the_Beach]

The move to Firefox is a very easy move, suggest you both look at it.

Shadowace had some good tips on the thread he started , now in the blogger chat area.

Link to it above here somewhere.

I am doing this right now under Firefox.

There are a few things to learn, but not many , use the right click on the mouse a bit more.

Firefox doesn't have the mail capability so is much smaller than IE.

If you are a big user of mail, then Mozilla has that.

[Ernest_at_the_Beach]

Link at post #2.

[COUNTrecount]

Thanks. Is there any way to tell if my computer has the virus? I ran a virus scan yesterday and it appeared that there was no problem(yet.)