Friday, June 25, 2004

Attack stopped, but vulnerability continues... News.Com: Web site virus attack blunted. "The attack, which had turned some Web sites into points of digital infection was nipped in the bud on Friday, when Internet engineers managed to shut down a Russian server that had been the source of malicious code for the attack." Link via Tomalak's Realm 6:17:11 PM    comment []

Surfing the web or providing web pages with Microsoft products? Stop. InfoWorld: Top News reports: "Web attack aims to steal surfers' financial details. A new Internet attack discovered late Thursday was designed by an infamous group of Russian virus writers to steal credit card and other financial information from Web surfers and send it to Web sites where it can be retrieved by hackers, security experts warned Friday." The key paragraphs: "Security experts have said that the attack only affects users of certain versions of Microsoft Corp.'s Internet Explorer browser... Additionally, Cluley said that it appears that the threat only affects Web servers running Microsoft IIS 5 (Internet Information Services) Web Server software and not Microsoft IIS 6, which comes with Windows 2003 Server." Make sure you've patched IIS with the Sasser patches. Raise the shields high on IE, or better yet, get a secure browser. According the article, some *major* sites have been hacked, so watch those credit card bills! Update: According to this article on Netcraft, the trojan can be installed silently on fully-patched versions of Internet Explorer. Until the extent of the exploit is known, you may want to hold off surfing with IE. 11:48:13 AM    comment []

This work is licensed under a Creative Commons License.