Batten Down the Hatches

Discussion in 'Java' started by Roedy Green, Jun 25, 2004.

  1. Roedy Green


    I generally recommend people avoid using Internet Explorer and
    Outlook. For the next few weeks it is especially important to avoid

    For alternatives see and

    I noticed the MS Windows update site is down.


    Most major antivirus companies plan to update their antivirus software
    to spot systems infected with the back doors and keystroke loggers
    associated with this attack.

    Subject: (fwd) Major Internet Attack Under Way

    Google Search; News (by date): internet attack

    Major Internet Attack Under Way
    June 25, 2004

    By George V. Hulme

    Internet security organizations are warning that dozens of major
    Internet sites, and potentially thousands of Web sites across the
    Internet, are currently under attack.

    Several Web administrators from major companies said their
    Windows-based Web servers were compromised despite being up to date on
    security patches, security analysts reported.

    "We've been watching activity since last Sunday, but it's now hit a
    critical mass," says Marcus Sachs, director of the SANS Internet Storm
    Center, who is in communications with Homeland Security's National
    Cyber Security division about the attack.

    The attack appears to be one of the most sophisticated Internet
    attacks to date. The attackers are compromising and infecting
    E-commerce and corporate Web sites with malicious code. That code is
    used to infect Web surfers' using certain versions of Internet

    Security experts say Web surfers visiting these sites are at risk of
    having their machines infected with Trojan horse applications, used to
    hijack computers, as well as keystroke loggers, which are capable of
    stealing personal information such as financial account numbers and

    It's not clear if the latest Internet Explorer patches are able to
    protect users' systems from becoming infected. Internet security firm
    Symantec's DeepSight Threat Alert says IE users are being infected
    through a known, but still unpatched, Internet Explorer flaw.

    Symantec's BugTraq IDs for the flaws are 10472 and 10473. More
    information about these flaws is available at and .

    Security experts have been studying the attack and are unclear about
    the motive behind it. Some say the attacks can be traced to a Russian
    Web IP address of known spammers; others say the attack is designed to
    steal consumers' financial information.

    Daniel J. Frasnelli, manager of the technical assistance center for
    managed security services provider NetSec, says it started monitoring
    the attack activity early Thursday and immediately notified its
    security customers.

    NetSec wouldn't disclose the names of the E-commerce sites under
    attack, citing legal fears, but Frasnelli said infected sites include
    a major auction site, an auto-pricing site, and search-engine sites.
    "We all know these sites," he says.

    Security researchers say it's not yet clear how the attackers have
    compromised these Web sites. "It'll take some considerable forensic
    examinations," says Alfred Huger, senior director of engineering for
    Internet security firm Symantec.

    It appears that the attackers are compromising Web servers running
    Microsoft's Internet Information Services, either because they aren't
    patched or through a newfound software vulnerability.

    Web surfers who visit infected sites are infected via gif images or
    other Web-site objects that have malicious code attached to them,
    including keystroke loggers and Trojan horse applications.

    "Our big concern is that there is a zero-day vulnerability in IIS,"
    Sachs says.

    Microsoft is investigating the attacks. The software vendor issued a
    statement saying that "at 4:00 pm PT [Thursday], Microsoft began
    investigating reports that some customers running unprotected versions
    of IIS 5.0, a component of Windows 2000 Server, were being targeted."

    Microsoft and Symantec say these sites are being hit with a malicious
    application known as Download_Ject.

    At 3 a.m. Friday, Microsoft issued a statement saying that "early
    indications suggest" that unpatched IIS 5.0 Servers are the systems
    targeted in the attack. Microsoft said the servers have not been
    updated with the patch included in Microsoft security bulletin April
    MS04-011. "Customers should ensure they have installed MS04-011 to
    help secure against the issues corrected by that security update," the
    company said.

    Microsoft is also urging its customers to download and install the IE
    patch included with Microsoft Security Bulletin MS04-013 and that they
    "utilize high security settings" in Internet Explorer.

    To help defend against the attack, Microsoft is urging consumers to
    read It's
    also asking its business customers to read;en-us;833633 to
    "minimize risk." Microsoft corporate customers that have deployed XP
    SP2 RC2 are not at risk to the attack, the company said.

    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See for The Java Glossary.
    Roedy Green, Jun 25, 2004