RealTime IT News

New Download.Ject Attack Hits IM Networks

The Download.Ject malware attack has resurfaced, using the popular AIM and ICQ instant messaging networks to spread itself.

According to an alert from PivX Labs, the worm targets several known flaws in Microsoft's Internet Explorer (IE) browser to redirect compromised machines to Web sites displaying adult advertisements and referral links.

PivX Labs described the latest attack as a variant of the Download.Ject attack, which hijacked a large number of popular Web sites and used them to distribute malicious programs on infected machines.

The worm was programmed to download and install Trojan horse programs like keystroke loggers, proxy servers and other back doors, which provided full access to the infected system.

PivX Labs discovered the latest mutant, which appeared as an innocuous-looking instant message on AIM or ICQ reading: "My personal home page http://XXXXXXX.X-XXXXXX.XXX/."

"Once the user clicks on this link, IE opens a malicious Web site that infects the user through several IE vulnerabilities, such as Object Data, Ibiza CHM and MHTML Redirect," the company said, referring to several known, and still unpatched, vulnerabilities in the world's most widely used browser.

Once a system becomes infected, the worm modifies the IE homepage and search pane and replaces them with a site called TargetSearch and several browser windows displaying adult advertisements and referral links.

"There are obvious financial motivations behind this worm," said PivX researcher Thor Larholm. "This is additional proof that virus writers are becoming more creative in their efforts to wreak havoc on the Internet community."

America Online spokesman Andrew Weinstein made it clear the latest attack was not the result of a security hole in the company's public IM products.

"This is a security issue with Internet Explorer," Weinstein told internetnews.com. "But, it points out the importance of being extremely cautious before clicking on any link in any communication a user receives, whether in an IM or e-mail.

"We continue to caution our users to avoid clicking on URL links from unknown users or links they don't expect to receive, even if it's from someone on their buddy list," said Weinstein.

Microsoft's security section contains a page dedicated to Download.Ject, which contains links to a free virus removal tool and information on configuration changes that could minimize the threat.

The software giant has also issued a patch that promised a comprehensive fix to the core vulnerability that led to the Download.Ject attack. But researchers insist that the browser is a security risk.