Sunday, June 27, 2004

This just in from the Internet Storm Site:

A large number of web sites, some of them quite popular, were compromised earlier this week to distribute malicious code. The attacker uploaded a small file with javascript to infected web sites, and altered the web server configuration to append the script to all files served by the web server. The Storm Center and others are still investigating the method used to compromise the servers. Several server administrators reported that they were fully patched.

If a user visited an infected site, the javascript delivered by the site would instruct the user's browser to download an executable from a Russian web site and install it. Different executables were observed. These trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system.

The javascript uses a so far unpatched vulnerability in MSIE to download and execute the code. No warning will be displayed. The user does not have to click on any links. Just visiting an infected site will trigger the exploit.


Be warned! If your browser pops up a request to install software, DENY IT! Especially if this happens on a website you have visited before. There is a good chance that a lot of servers on the web have been infected, and even sites you trust could be attempting to infect your computer! Until everyone cleans up their servers - do not allow any automatic installations of software while surfing.

A better way to avoid this problem is to use Netscape or Firefox - any browser other than Microsoft Internet Explorer. By the way, AOL uses MSIE by default, so all you AOL users should be extra careful! Minimize the AOL browser and run netscape to surf the web.