Internet Attacks

Experts Study Developing Internet Attack

"Government and industry experts warned late Thursday of a mysterious, large-scale Internet attack against thousands of popular Web sites. The virus-like infection tries to implant hacker software onto the computers of all Web site visitors. Industry experts and the Homeland Security Department were studying the infection to determine how it spreads across Web sites and find adequate defenses against it. "Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the government warned in one Internet alert."

PalmBeachPost, Submitted by Anonymous, Fri Jun 25 07:59:33 EDT 2004

Net attack aimed at banking data

"Computer security experts warned yesterday of another new Internet threat that can steal the passwords and account information of people who bank online -- the second such discovery in a week. Users can pick up the latest bug, which doesn't yet have a name, from pop-up ads that secretly download software capable of capturing their keystrokes. The pop-ups originate at Web sites that receive their ads from certain online ad services, which apparently had themselves been hacked to spread the malicious code."

Full story - MSNBC , Submitted by Anonymous, Thu Jul 1 08:04:36 EDT 2004

IE workaround a non-starter

"Doubts have been raised about the effectiveness of a workaround issued by Microsoft to guard against a potentially devastating vulnerability in IE. Left unchecked the flaw creates a means for hackers to turn popular websites into conduits for viral transmission."

Submitted by Anonymous, Mon Jul 5 14:00:41 EDT 2004

Malware attacks IE users via pop-ups

"Another warning has been issued over data-stealing malware that exploits vulnerability in Internet Explorer. Although the threat from last week's "download.ject" attack has subsided, malware authors have not missed a beat in their efforts to use flaws in Internet Explorer as a gateway to steal banking and credit card information. The malware, which has been identified by the SANS Institute, is delivered to users' PCs through pop-up windows that appear when users log on to financial portals. It seems that the suspect pop-ups are delivered on certain websites that run ads from third-party ad servers, which appear to have been hacked. When the pop-ups appear, vulnerable versions of Internet Explorer begin downloading a malicious file that records activity - such as passwords - onto the infected PC and sends that data to a server reportedly located in Estonia."

Full story - The Register , Submitted by Anonymous, Wed Jun 30 10:00:37 EDT 2004

Pop-up program reads keystrokes, steals passwords

"Security researchers have discovered a malicious program that installs itself by way of a pop-up ad and can read keystrokes and steal passwords when victims visit any one of nearly 50 targeted banking sites. The targeted sites include major financial institutions such as Citibank, Barclays and Deutsche Bank, researcher Marcus Sachs said Tuesday. "If (the program) recognizes that you are on one of those sites, it does keystroke logging," said Sachs, director of the Internet Storm Center, a site that monitors network threats. Even though all financial sites use encryption built into the browser to protect log-in data, the Trojan horse program can capture the information before it gets encrypted by the browser software. "The browser does not encrypt data between your keyboard and computer. It's encrypting it (when it goes) out onto the Web.""

Full story - ZDNet , Submitted by Anonymous, Tue Jun 29 16:37:55 EDT 2004

Spyware's tentacles spread to search

"For Google users like Tim Yu, the threat of spyware isn't so easy to stare down. Yu, a Stanford University student, recently found that one of his family's computers was infected with a program called "BrowserAid/Featured Results," which was delivering additional and unwanted pop-up ads atop Google results. He managed to rid the computer of that application, but a similar, unidentifiable program could not be eliminated. "I removed it from the registry, but this one heals itself," Yu said. Spyware makers, he said, are getting more sophisticated."

Full story - ZDNet , Submitted by Anonymous, Tue Jun 29 16:36:45 EDT 2004

Web browsers hijacked

"Think of it as spyware meets Freddy Krueger - a genre of Internet monster that hijacks your browser and, like the villain of "Nightmare on Elm Street", can't be killed. This new "kruegerware" can steal your home page, lock you permanently to a porno site, or ship all your Google queries to a dubious ad-driven alternative. Increasingly this type of program doesn't just wreak havoc. It can avoid detection by popular spyware programs and even if you think you've gotten rid of it, it usually comes back, like Freddy."

Submitted by Anonymous, Mon Jun 21 14:31:42 EDT 2004

CERT recommends anything but IE

"US CERT (the US Computer Emergency Readiness Team), is advising people to ditch Internet Explorer and use a different browser after the latest security vulnerability in the software was exposed. A statement on the CERT site said: "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites." CERT otherwise recommends users to set security settings to high and disable JavaScript."

SecurityFocus, Submitted by Anonymous, Tue Jun 29 16:34:30 EDT 2004