If you use Internet Explorer to browse the web you may want to turn off JavaScript for a few days.

The bad guys have apparently found a new vulnerability in web servers running Microsoft’s Internet Information Server (IIS) 5 and have hacked some pretty big-name sites, planting code that could infect your PC with a virus merely because you visited a web page, by way of yet another vulnerability in Internet Explorer. Word of this new threat went up on the US-CERT webpage just yesterday, and a related article on CNet’s News.com reported that, as of yesterday, there was no patch available from Microsoft to fix the vulnerability and the major anti-virus companies weren’t ready with a DAT update to detect the virus if it is installed on your system. Compromised web servers are appending JavaScript to the bottom of web pages that attempts to contact a remote server and download the virus to your PC, so for the time being folks are being encouraged to turn off JavaScript in their browsers.

The group also pointed out that the malicious program uploaded to a victim’s computer is not currently detected as a virus by most antivirus software. With no patch from Microsoft, that leaves Internet Explorer users vulnerable. A representative of the software giant was not immediately available for comment on when a patch might be available.

Researchers believe that attackers seed the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft’s Web software, Internet Information Server (IIS). When a victim browses the site, the code redirects them to one of two sites, most often to another server in Russia. That server uses the pair of Microsoft Internet Explorer vulnerabilities to upload and execute a remote access Trojan horse, RAT, to the victim’s PC. The software records the victim’s keystrokes and opens a back door in the system’s security to allow the attacker to access the computer.

Currently, researchers have two theories as to who is behind the attacks. The Internet Storm Center pointed to the similarities between these attacks and previous virus epidemics aimed at co-opting computers for use in illegal spam networks.

“There is quite a bit of evidence that what we are seeing is yet another technique for spreading and installing ‘spamware,’” the group stated on its site. “We don’t see any evidence that this attack is related to the construction of a DDoS (distributed denial of service) network or other type of typical zombie-based attack group.”

However, Symantec believes that the attacks last fall and in April, which the current one most resembles, were conducted by online organized crime groups from Russia. The theory is supported not only by the fact that the server storing the malicious code is in Russia, but also by the sophisticated nature of the attacks, Symantec’s Huger said.

“It’s a group of people that have resources to bring to play,” he said, adding that the attack programs were not amateur material. “The code wasn’t pulled off a Web site; it was custom.”

Either way, this one is nasty, so take steps to protect yourself and be sure to check with your anti-virus company and Microsoft’s Windows Update regularly for any patches and updates, which will be available soon if they aren’t already.
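For site operators, one way to check for the tampering described above (script appended to the bottom of served pages), as an added example that is not part of the original post: it compares a static page's source with the body the server actually returned and flags any `<script>` that follows the closing `</html>`. The function name, the sample pages, and the 203.0.113.7 address are constructed for illustration.

```python
import re
from urllib.parse import urlparse

HTML_CLOSE = re.compile(r"</html\s*>", re.IGNORECASE)
SCRIPT_OPEN = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

# Constructed sample data: a clean static page and two tampered responses.
CLEAN = "<html>\n<body>\n<p>Welcome</p>\n</body>\n</html>\n"
TAMPERED_REMOTE = CLEAN + (
    '<script language="JavaScript" '
    'src="http://203.0.113.7/example.js"></script>\n'
)
TAMPERED_INLINE = CLEAN + "<script>var x = 1;</script>\n"


def audit_served_page(on_disk: str, served: str, site_host: str) -> dict:
    """Compare a static page's source with the body the server returned."""
    disk = on_disk.replace("\r\n", "\n").rstrip()
    body = served.replace("\r\n", "\n").rstrip()
    # Content the server added beyond the file it was asked for.
    added = body[len(disk):] if body.startswith(disk) else ""
    # Independently, anything that follows the last </html> in the response.
    closes = list(HTML_CLOSE.finditer(body))
    trailer = body[closes[-1].end():] if closes else ""
    scripts = SCRIPT_OPEN.findall(trailer)
    offsite = []
    for attrs in scripts:
        m = SRC_ATTR.search(attrs)
        host = urlparse(m.group(1)).hostname if m else None
        if host and host.lower() != site_host.lower() and host not in offsite:
            offsite.append(host)
    return {
        "differs_from_disk": body != disk,
        "added_chars": len(added),
        "trailing_scripts": len(scripts),
        "offsite_hosts": offsite,
        "suspicious": bool(scripts),
    }


if __name__ == "__main__":
    for name, served in [("clean", CLEAN), ("remote", TAMPERED_REMOTE),
                         ("inline", TAMPERED_INLINE)]:
        print(name, audit_served_page(CLEAN, served, "www.example.com"))
```

A page whose served body differs from its source file while the file itself is unmodified points at the server configuration rather than the content, which is where to look next.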

7 thoughts on “If you use Internet Explorer to browse the web you may want to turn off JavaScript for a few days.”

  1. I think I figured out the answer to my question from another thread: “Why are some comments not registering the commenter’s name? All I’m seeing in these cases is: eg: ‘on 6/25/04 at 02:28 PM wrote the following…’”
    It happened after I changed my IE security settings from medium to high
    in response to this post. Then again, maybe it’s only happening to me.

  2. This after Microsoft announces they will release their own anti-virus software, which may put a stranglehold on competitors, since they can access known (to Microsoft) vulnerabilities while others cannot. Story here: Reuters, Microsoft anti-virus software. It’s hard to imagine that Microsoft isn’t just sitting back and letting people get hit with virii while they wait to overtake another market.

  3. Microsoft antivirus software?  No way in friggin’ hell, man.  I’d trust that as far as I could throw Gates’ mansion. 

    This from the company that gave us Outlook and IE.  Sheesh!

  4. Woke up this morning with this bit of doggerel verse forming in my head… my sincerest apologies:

    Microsoft’s record on security issues
    is so bad it beggars description
    Consumers don’t know, or they little suspect
    how open we are to destruction

    And deception, illusion, and adware intrusion,
    and malware of every kind
    We get viruses, hackers, and script kiddie slackers
    as our work falls ever further behind

    Thanks to Outlook, Explorer, and a shaky OS,
    new vulnerability every day
    IIS, RPC, and active X too,
    continually open the fray

    What to do about Windows, and the stuff that goes with it,
    while we wait for the big one to hit?
    Buy rubber boots, and a sturdy raincoat,
    for the day when the fan hits the shit

  5. Doh! – one second after clicking “submit” I noticed I typed “RPM” instead of “RPC” – Les, can you fix?

    Apologies for triple-posting – really not firing on all cylinders this AM…

  6. Fixed. And, may I just say, LOL!

    All these poets should be going over to Momma’s Corner and posting there as well. She’s very fond of putting up poems.

    Back when I used to run a BBS system she had her own message area with the same name where she’d post poems. I had callers who rang up every day just to post their own poems. One guy who went by the handle of Stardancer was so good at throwing obscure vocabulary into his entries that it forced Mom to keep a dictionary and thesaurus nearby so she could find out what the hell the words meant.
