For any of you with users who just HAVE to use IM . . .
Download.Ject-style worm spreads via IM
By John Leyden, The Register Aug 20 2004 7:53AM
A Download.Ject-style worm which spreads through instant messages is spreading across the Net, according to intrusion prevention firm PivX.
The as-yet unnamed worm arrives as an innocuous looking instant message on AIM or ICQ which says: "My personal home page This link takes users to a one of a number of sites hosted in Uruguay, Russia and the US, from which a Trojan horse program is downloaded. These websites contains exploit code designed to infect surfers by taking advantages of a variety of well known IE exploits (such as Object Data, Ibiza CHM and MHTML Redirect).
Infection will modify a user's home page to a site called TargetSearch. The setting of an infected user's browser will also be changed to open up several browser windows displaying adult advertisement and referral links every time IE is loaded, according to preliminary analysis of the worm.
The scope of the worm's spread is unclear but early analysis hasn't revealed any of the key logging features that made the original Download.Ject worm such a menace.
On 24 June many websites running IIS 5 were infected with malicious JavaScript code called Download.Ject. Websites running the latest versions of Microsoft IIS were unaffected. Users visiting a website contaminated with Download.Ject activated a script that downloaded a Trojan horse (called Berbew) from a website in Russia.
Acting with law enforcement authorities, Microsoft was able to rapidly shut down the Russian website, but the affair still highlighted security concerns with IE. Security clearing house US-CERT took the extraordinary step of advising users to ditch IE in favour of alternative browsers. Microsoft has since fixed the underlying flaw that Download.Ject exploited.
PivX Labs has notified anti-virus vendors so that they can create signatures to defend against the latest threat, which is nowhere near as serious as the original Download.Ject worm. ®
© 2000 - 2004 Situation Publishing Ltd. All rights reserved.
"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."
"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
Download.Ject-style worm spreads via IM
By John Leyden, The Register Aug 20 2004 7:53AM
A Download.Ject-style worm which spreads through instant messages is spreading across the Net, according to intrusion prevention firm PivX.
The as-yet unnamed worm arrives as an innocuous looking instant message on AIM or ICQ which says: "My personal home page This link takes users to a one of a number of sites hosted in Uruguay, Russia and the US, from which a Trojan horse program is downloaded. These websites contains exploit code designed to infect surfers by taking advantages of a variety of well known IE exploits (such as Object Data, Ibiza CHM and MHTML Redirect).
Infection will modify a user's home page to a site called TargetSearch. The setting of an infected user's browser will also be changed to open up several browser windows displaying adult advertisement and referral links every time IE is loaded, according to preliminary analysis of the worm.
The scope of the worm's spread is unclear but early analysis hasn't revealed any of the key logging features that made the original Download.Ject worm such a menace.
On 24 June many websites running IIS 5 were infected with malicious JavaScript code called Download.Ject. Websites running the latest versions of Microsoft IIS were unaffected. Users visiting a website contaminated with Download.Ject activated a script that downloaded a Trojan horse (called Berbew) from a website in Russia.
Acting with law enforcement authorities, Microsoft was able to rapidly shut down the Russian website, but the affair still highlighted security concerns with IE. Security clearing house US-CERT took the extraordinary step of advising users to ditch IE in favour of alternative browsers. Microsoft has since fixed the underlying flaw that Download.Ject exploited.
PivX Labs has notified anti-virus vendors so that they can create signatures to defend against the latest threat, which is nowhere near as serious as the original Download.Ject worm. ®
© 2000 - 2004 Situation Publishing Ltd. All rights reserved.
"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."
"Trent the Uncatchable" in The Long Run by Daniel Keys Moran