- The Washington Times - Friday, June 25, 2004

Internet security experts warned yesterday of a computer infection that has caused visitors to some Web sites to unwittingly download programs that could steal personal information.

Hundreds of Web sites across the Internet have been infected with the “Download.Ject” or “Scob” virus, which was created by Russian hackers who infected sites and caused visitors to unknowingly install a so-called “trojan” program that allows someone to control a computer remotely.

The hackers infected Web sites through vulnerabilities in servers using Microsoft’s Internet Information Services (IIS) program. Computers with the Microsoft Internet Explorer Web browser were infected if they were part of a Microsoft operating system. Macintosh users were not at risk.

“An unsuspecting Web surfer might fall victim,” said Neil Mehta, a research engineer with Internet Security Systems in Atlanta.

Web security firms as well as the U.S. Computer Emergency Readiness Team (CERT) issued a warning about the infection early yesterday. It has not spread as quickly as other recent viruses and worms, but could be costly because its mission is to collect information from unsuspecting computer users, researchers said. In one method, the trojan created a phony form designed to look like a legitimate Web site asking people to enter credit card numbers and other sensitive financial data.

“The attack is not epidemic, but it is likely to grow more pervasive over time,” said Alfred Huger, a senior director with Symantec Security Response in Cupertino, Calif. “Users need to be aware of the threats as they use the Internet and vigilant about the type of information they disclose to Web sites.”

Before the attack began, Microsoft did not have a software patch to fix one of the vulnerabilities in Internet Explorer, leading some security experts to believe the infection was sent very quickly after the vulnerability was discovered. Microsoft has since released a software update, and other companies have created ways to protect computers from being infected.

Microsoft recommended that Internet Explorer users set their security settings to the highest level, even if it means removing some of the browser’s functions.

The Russian server that was the source of the virus has been shut down, though some computers that visit compromised Web sites may be slowed by the sites’ attempt to download the trojan even though it no longer has access to it. Experts warned that the hacker could appear on a new server at any point.

Most popular Web sites were not affected yesterday, but kbb.com, the Web site for the Kelly Blue Book car-pricing guide, was infected for part of yesterday, as were the sites of some small businesses.

“In general, the more popular Web sites have the right security measures in place,” Mr. Mehta said.

Trojans have been linked to the onslaught of unwanted e-mail, or spam. Researchers now believe that as much as 90 percent of all spam is sent from computers that have been hijacked by a trojan downloaded onto a computer infected with a virus or worm.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide