HomeSecurity

New Download.Ject Attack Hits IM Networks

Ryan Naraine
By Ryan Naraine

The Download.Ject malware attack has resurfaced, using the popular
AIM and ICQ instant messaging networks to spread itself.

According to an alert from PivX Labs, the worm targets several known
flaws in Microsoft’s Internet Explorer (IE) browser
to redirect compromised machines to Web sites displaying adult
advertisement and referral links.

PivX Labs described the latest attack as a variant of the
Download.Ject attack,
which hijacked a large number of popular Web sites and used them
distribute malicious programs on infected machines.

The worm was programmed to download and install Trojan horse programs
like keystroke loggers, proxy servers and other back doors, which provided
full access to the infected system.

PivX Labs discovered the latest mutant, which appeared as an
innocuous looking instant message on AIM or ICQ which says: “My
personal home page http://XXXXXXX.X-XXXXXX.XXX/.”

“Once the user clicks on this link, IE opens a
malicious Web site that infects the user through several IE
vulnerabilities, such as Object Data, Ibiza CHM and MHTML Redirect,” the
company said, referring to several known, and still unpatched,
vulnerabilities in the world’s most widely used browser.

Once a system becomes infected, the worm modifies the IE homepage and
search pane and replaces them with a site called TargetSearch and several
browser windows displaying adult advertisement and referral links.

“There are obvious financial motivations behind this worm,” said PivX
researcher Thor Larholm. “This is additional proof that virus writers
are becoming more creative in their efforts to wreak havoc on the
Internet community.”

America Online spokesman Andrew Weinstein made it
clear the latest attack was not the result of a security hole in the
company’s public IM products.

“This is a security issue with Internet
Explorer,” Weinstein told internetnews.com. “But, it points out the importance of being extremely cautious
before clicking on any link in any communication a user receives,
whether in an IM or e-mail.

“We continue to caution our users to avoid clicking on URLs links
from unknown users or links they don’t expect to receive, even if
it’s from someone on their buddy list,” said Weinstein.

Microsoft’s security section contains a page
dedicated to Download.Ject, which contains links to a free virus
removal tool and information on configuration
changes that could minimize the threat.

The software giant has also issued a
patch that promised a comprehensive fix to the core vulnerability, which
led to the Download.Ject attack. But researchers insist that the
browser is a security risk.

Ryan Naraine
Ryan Naraine
Previous article
Alcatel Spreading DSL Wealth in China
Next article
VZ Wireless Westward Expansion on Track

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.