NOTICE: Instant Messages Can Spread Download.Ject

NOTICE: Instant Messages Can Spread Download.Ject
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
NOTICE: Instant Messages Can Spread Download.Ject Leythos 08-20-2004
Posted by Leythos on August 20, 2004, 11:03 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
A Download.Ject-style worm which spreads through instant messages is
spreading across the Net, according to intrusion prevention firm PivX.

The as-yet unnamed worm arrives as an innocuous looking instant message
on AIM or ICQ which says: "My personal home page http://XXXXXXX.X-
XXXXXX.XXX/". This link takes users to a one of a number of sites hosted
in Uruguay, Russia and the US, from which a Trojan horse program is
downloaded. These websites contains exploit code designed to infect
surfers by taking advantages of a variety of well known IE exploits
(such as Object Data, Ibiza CHM and MHTML Redirect).

Infection will modify a user's home page to a site called TargetSearch.
The setting of an infected user's browser will also be changed to open
up several browser windows displaying adult advertisement and referral
links every time IE is loaded, according to preliminary analysis of the
worm.

The scope of the worm's spread is unclear but early analysis hasn't
revealed any of the key logging features that made the original
Download.Ject worm such a menace.

On 24 June many websites running IIS 5 were infected with malicious
JavaScript code called Download.Ject. Websites running the latest
versions of Microsoft IIS were unaffected. Users visiting a website
contaminated with Download.Ject activated a script that downloaded a
Trojan horse (called Berbew) from a website in Russia.

Acting with law enforcement authorities, Microsoft was able to rapidly
shut down the Russian website, but the affair still highlighted security
concerns with IE. Security clearing house US-CERT took the extraordinary
step of advising users to ditch IE in favour of alternative browsers.
Microsoft has since fixed the underlying flaw that Download.Ject
exploited.

PivX Labs has notified anti-virus vendors so that they can create
signatures to defend against the latest threat, which is nowhere near as
serious as the original Download.Ject worm. ®

http://www.theregister.com/2004/08/20/im_worm/

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)


Similar ThreadsPosted
Notice how tha RIAA MPAA Shill ran away? July 9, 2008, 6:02 am
software download blocker January 8, 2006, 4:55 am
ActiveX drive-by download Sites December 29, 2004, 1:01 pm
Norton Internet Security Download Manager March 30, 2005, 11:32 am
Re: Download freeware RKR scanning software (detect Sony rootkit & others) November 26, 2005, 4:58 am
instant messenger eavesdropping question June 16, 2006, 9:05 pm
IE Used to Launch Instant Messaging and Questionable Clicks October 3, 2006, 10:23 pm
Port for PKI messages May 6, 2005, 10:31 am
Proxy sign messages July 26, 2005, 12:58 pm
Re: MI5 messages are a DDOS attack? November 18, 2007, 7:27 pm

The site map in XML format XML site map

Contact Us | Privacy Policy