Malware Hacker Attack Linked to Spammers
The SANS Internet Storm Center, which tracks malicious Internet activity, reported that a large number of popular Web sites were compromised earlier this week to distribute malicious code that targets a known bug in Microsoft Internet Explorer.
"These Trojan horse programs include keystroke loggers, proxy servers and other back doors providing full access to the infected system."
The center believes the attack is the work of a sophisticated international spam ring.
"There is quite a bit of evidence that what we are seeing is yet another technique for spreading and installing 'spamware' to create proxies to relay and send spam. We don't see any evidence that this attack is related to the construction of a DDoS network."
Early Friday morning, Microsoft issued a "critical" notice for the Download.Ject malware. The software giant said it was investigating reports of the malware targeting customers using Microsoft Internet Information Services 5.0 (IIS) and the IE browser.
There is conflicting information on whether a patch is available to protect against the hacker attack. Microsoft's alert said Web servers running Windows 2000 Server and IIS that have not applied a patch issued in its MS04-011 advisory "are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code."
However, the center said several server administrators reported that they were fully patched.
Once the hackers break into a Web site, files are modified and a Trojan downloader called "Scob" or "Download.Ject" is appended to them, causing IE to execute it. "No warning will be displayed. The user does not have to click on any links. Just visiting an infected site will trigger the exploit."
Microsoft first reported the exploited IE vulnerability as extremely critical on June 10, but the company has yet to issue a security fix.
"Microsoft is actively investigating these reports to determine the appropriate course of action to protect our customers. This might include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs," Microsoft said in a statement.
Since then, malicious hackers have unleashed "zero day exploits" to load