Attack blunted, but concerns remain

Bill Brenner, News Writer

The malicious Web site that generated last week's widespread Internet attack has been shut down. But there's concern in the information security community that while this assault is over, the road may have been cleared for more damaging mischief in the future.

"While the majority of the traffic has died down, we are still receiving reports of administrators finding log files with indicators of msits.exe download," the Internet Storm Center, a service of the SANS Institute of Bethesda, Md., reported Sunday night. "We would like to remind all users that even though the main issue is over, the same exploit is continuing to be used by Web sites out there for malicious purposes. Practically all of the major antivirus services have signatures for this exploit, which is also known as JS.Scob.Trojan, Scob and JS.Toofeer."

The attack targets users of Microsoft Internet Information Services 5.0 (IIS) and Internet Explorer. Experts believe the goal was to deliver malicious code to visitors of a compromised Web site; that code could be used to steal credit card and other information, which would then be marketed to organized identity theft markets.

The U.S. Computer Emergency Readiness Team (US-CERT) said in an advisory that compromised sites were appending JavaScript to the bottom of Web pages. When executed, the JavaScript would attempt to access a file hosted on another server that may contain malicious code that could affect the end user's system.
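A defender-side check for the two indicators this article mentions, as an added example that is not from the article, US-CERT or the Internet Storm Center: it flags page bodies that carry a script block after the closing </html> tag, and log lines that reference msits.exe. The function names, log layout, host names and sample data are constructed assumptions.

```python
import re

_HTML_CLOSE = re.compile(r"</html\s*>", re.IGNORECASE)
_SCRIPT_OPEN = re.compile(r"<script\b", re.IGNORECASE)
# File name quoted from the Internet Storm Center statement in the article.
_DOWNLOAD_INDICATOR = "msits.exe"


def trailing_script(body):
    """Return the text after the last </html> if it holds a <script> tag, else None."""
    closes = list(_HTML_CLOSE.finditer(body))
    if not closes:
        return None  # no closing tag: nothing can be "appended after" it
    tail = body[closes[-1].end():]
    return tail.strip() if _SCRIPT_OPEN.search(tail) else None


def audit_pages(pages):
    """Map page name -> appended script for each page served with script after </html>."""
    findings = {}
    for name, body in pages.items():
        tail = trailing_script(body)
        if tail is not None:
            findings[name] = tail
    return findings


def log_hits(lines):
    """Return the log lines that reference the msits.exe download (case-insensitive)."""
    return [ln for ln in lines if _DOWNLOAD_INDICATOR in ln.lower()]


# Constructed sample data, not taken from the incident.
SAMPLE_PAGES = {
    "index.htm": "<html><body><p>Welcome</p></body></html>\n",
    "order.htm": "<html><body><script>var ok=1;</script></body></html>\n"
                 "<script>/* appended footer code */</script>\n",
}
SAMPLE_LOG = [
    "2004-06-25 10:01:12 10.0.0.5 GET http://intranet.example/index.htm 200",
    "2004-06-25 10:01:13 10.0.0.5 GET http://host.example/MSITS.EXE 200",
]

if __name__ == "__main__":
    for name, tail in audit_pages(SAMPLE_PAGES).items():
        print(f"{name}: script after </html>: {tail!r}")
    for line in log_hits(SAMPLE_LOG):
        print("log hit:", line)
```

Run the page check against bodies fetched from the live server rather than only the files on disk, and compare any finding with a known-good copy, since some legitimate templates also emit markup after the closing tag.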

Experts believe the attack was engineered by the HangUP Team out of Russia, the same for-profit malicious code group responsible for the recent rash of Korgo worms that attack the LSASS vulnerability Microsoft outlined in MS04-011. Microsoft said customers who have deployed Windows XP Service Pack 2 RC2 are not at risk.

Microsoft issued a statement over the weekend that said it's "working with law enforcement and industry partners to identify the individuals or entities responsible" for "this criminal act" and to bring them to justice.

"Customers who believe they may have been attacked should contact their local FBI or Secret Service office" or post their complaint with the FBI's Internet Fraud Complaint Center (IFCC), the statement said. "Customers outside of the U.S. should contact the national law enforcement agency in their country."

Microsoft recommended customers take the following steps to protect their machines:
