Attack blunted, but concerns remain

Though a malicious Web site that generated last week's widespread Internet attack is shut down, concern remains that more damaging mischief looms.

The malicious Web site that generated last week's widespread Internet attack has been shut down. But there's concern in the information security community that while this assault is over, the road may have been cleared for more damaging mischief in the future.

"While the majority of the traffic has died down, we are still receiving reports of administrators finding log files with indicators of msits.exe download," the Internet Storm Center, a service of the SANS Institute of Bethesda, Md., reported Sunday night. "We would like to remind all users that even though the main issue is over, the same exploit is continuing to be used by Web sites out there for malicious purposes. Practically all of the major antivirus services have signatures for this exploit, which is also known as JS.Scob.Trojan, Scob and JS.Toofeer."
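The log review the ISC report describes can be scripted. The following is an added example, not code from the article, ISC or US-CERT; it assumes proxy or Web server logs in Common Log Format, and the function name, sample hosts and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import basename
from urllib.parse import unquote, urlsplit

INDICATOR = "msits.exe"  # file name from the ISC report quoted above

# Assumed log layout: Common Log Format (an assumption, not from the article).
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_indicator_hits(lines, indicator=INDICATOR):
    """Map each client to its requests for the indicator file.

    Each hit is (timestamp, url, delivered); delivered is True when the
    status was 2xx, i.e. the client probably received the file.
    """
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Decode %xx escapes and drop the query string before comparing,
        # so "MSITS%2Eexe?x=1" is still recognised.
        path = unquote(urlsplit(m["url"]).path)
        if basename(path).lower() != indicator.lower():
            continue
        delivered = m["status"].startswith("2")
        hits[m["client"]].append((m["when"], m["url"], delivered))
    return dict(hits)

# Constructed sample lines (documentation addresses and example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2004:09:14:02 -0400] "GET http://files.example/msits.exe HTTP/1.0" 200 51200',
    '192.0.2.11 - - [27/Jun/2004:09:15:40 -0400] "GET http://www.example/index.html HTTP/1.0" 200 8120',
    '192.0.2.12 - - [27/Jun/2004:09:20:11 -0400] "GET http://files.example/MSITS%2Eexe?x=1 HTTP/1.0" 403 312',
    '192.0.2.11 - - [27/Jun/2004:09:21:00 -0400] "GET http://www.example/notmsits.exe.txt HTTP/1.0" 200 40',
]

if __name__ == "__main__":
    for client, events in find_indicator_hits(SAMPLE_LOG).items():
        for when, url, delivered in events:
            state = "DELIVERED" if delivered else "blocked/failed"
            print(f"{client} {when} {url} {state}")
```

Clients with a delivered hit are the ones to prioritise for antivirus scanning and patch verification; blocked or failed requests still show that the client visited a page carrying the exploit.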

The attack targets users of Microsoft Internet Information Services 5.0 (IIS) and Internet Explorer. Experts believe the goal was to deliver to visitors of a compromised Web site malicious code that could be used to steal credit card and other information, which would then be marketed to organized identity theft markets.

The U.S. Computer Emergency Readiness Team (US-CERT) said in an advisory that compromised sites were appending JavaScript to the bottom of Web pages. When executed, the JavaScript would attempt to access a file hosted on another server that may contain malicious code that could affect the end user's system.

Experts believe the attack was engineered by the HangUP Team out of Russia, the same for-profit malicious code group responsible for the recent rash of Korgo worms that attack the LSASS vulnerability Microsoft outlined in MS04-011. Microsoft said customers who have deployed Windows XP Service Pack 2 RC2 are not at risk.

Microsoft issued a statement over the weekend that said it's "working with law enforcement and industry partners to identify the individuals or entities responsible" for "this criminal act" and to bring them to justice.

"Customers who believe they may have been attacked should contact their local FBI or Secret Service office" or post their complaint with the FBI's Internet Fraud Complaint Center (IFCC), the statement said. "Customers outside of the U.S. should contact the national law enforcement agency in their country."

Microsoft recommended customers take the following steps to protect their machines:

  • Use an Internet firewall on all PCs and laptops.
  • Update machines with all the latest security patches, which can be downloaded here.
  • Use up-to-date antivirus software.
