“A potentially dangerous Internet attack on personal computers by a virus designed to steal financial data and passwords from Web users rippled across the Internet on Friday, computer security experts said,” Duncan Martell reports for Reuters. “The attack, which surfaced earlier this week and is known as the “Scob” outbreak, exploits a vulnerability in servers using a version of Microsoft Corp.’s IIS software, and has been called more dangerous than the recent ‘Sasser’ and ‘Blaster’ infections.”
“The infected servers in turn exploit another vulnerability in Microsoft’s Internet Explorer browser to install a Trojan Horse virus on the PCs of Web surfers who visit the infected Web sites, said Alfred Huger, senior director of engineering at Internet security company Symantec Corp.,” Martell reports. “‘All of this takes place while it looks like you’re viewing the same Web page,’ Huger said. ‘You don’t even know that parts of your browser have been redirected to another Web site.'”
“The U.S. Computer Emergency Readiness team warned on its Web site that ‘any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.’ The Trojan Horse places a keystroke logger on users’ PCs and is designed to capture credit card numbers and passwords and send them back to a server in Russia, said Michael Murray, director of vulnerability and exposure at computer security firm nCircle Network Security,” Martell reports.
“The attack is more alarming than most because there are no patches available yet from Microsoft to fix the vulnerability in Internet Explorer that lets the hackers take control of computers, security researchers said… The Macintosh version of Internet Explorer is not affected, nor are non-Microsoft browsers such as Mozilla, Opera and Apple Computer Inc.’s Safari browser, security experts said,” Martell reports.
Full article here.
MacDailyNews Take: The headline pretty much says it all. For Windows-only readers interested in information about smoothly adding a Mac to your computing arsenal (so you can surf the Internet with impunity), please click here.
Why do people use windows Internet Explorer, whats so great about it?
’cause when they buy a new PC that is the first thing that launches. Why do you think it is prime real estate on the desktop? Even if these users switch to a Mac, they have been “assimilated” and continues to use it. Bill’s plan in action.
does not matter that is the greatest POS software out there.
Absolutely nothing. Say it again! Nothing. Huh!
my friend bobby told me that he stole his neighbors credit card. tomorrow hes going to buy a g5
I just drop the kids off at the pool. Those little scobs.
Why do people use windows Internet Explorer, whats so great about it?
Ever wonder what the term Killer App means? Well MSIE is a triple-entendre:
1) Popular application which motivates someone to purchase a personal computer to use it.
2) By giving MSIE away for free, MS undercut the sales model for and took marketshare from Netscape Navigator/Communicator.
3) By acting as a host for myriad virii, worms, trojan horses and popups, MSIE effectively kills the usefulness of your personal computer.
Put that in your satellite and launch it! Beep! Beep!
If they buy a new Mac Internet Explorer is’nt even installed – they wall have to use Safary.
Besides – Microsoft has announced i is stopping development of Internet Explorer for mac and PC.
I assume this is because ‘longshit’ will have a ‘new’ browser which will be a direct copy of Safari/Camino and all the other best browsers!
Sorry to be so repetitive, but it wil be worth it if it saves one hapless soul from doom.
Users of Internet Explorer on Windows:
• Dump your browser, trash it — immediately (download Firefox first). This could save you a world of grief!
• Change your bank accounts, your email, your credit card numbers too — they have been compromised. Your data is sitting on some database somewhere along with that of your family and friends, ready for one mass-multiple fraud transaction by organized crime before they retire to the good life with your retirement assets. DO IT QUICK
• And consider changing your name and address too. You may not be who you think you are anymore.
More info:
“It’s demonstrating the evolution and the constant innovation in the hacking and virus community,” said Chris Kraft, a senior security analyst at antivirus software vendor Sophos Inc.
The new attack affects only computers running software from Microsoft Corp., specifically the Windows operating system and the Internet Explorer browser, and Web servers using Microsoft’s Internet Information Server.
Unknown vandals exploited a flaw in the server that let them install a piece of code onto a Web page. This code is written in a simple programming language called Javascript, and vulnerable Internet Explorer browsers will run the program automatically. The program orders the browser to visit another website, without displaying the site on the computer user’s screen. This second website contains a malicious computer program called xxx.php, which is downloaded onto the visitor’s computer without his knowledge.
. . . . . . . . . .
Stephen Toulouse, program manager at Microsoft’s security response center, said his company’s engineers still don’t fully understand what the program does, but he added, “We do know in some cases it tries to capture information.”
aw look at that there is another virus on miicrosoft and mac is un effected. so what did myit teacher sad that mac are useless, slow and you cant do anything on them, ye right, like windows any better.
maybe oe day there will be a virus that would shut down whole of the windows 😀 ?
In reply to solarflare:
Besides all the misspellings this info is still incorrect.
“If they buy a new Mac Internet Explorer is’nt even installed – they wall have to use Safary.”
– Wrong, IE still comes loaded on new Macs.
“Besides – Microsoft has announced i is stopping development of Internet Explorer for mac and PC.”
– Wrong again. They are stopping development of IE for Mac.
http://www.microsoft.com/mac/products/internetexplorer/internetexplorer.aspx?pid=faq#features
– They still will be using IE in Longhorn.
http://www.osnews.com/story.php?news_id=5389
“I assume this is because ‘longshit’ will have a ‘new’ browser which will be a direct copy of Safari/Camino and all the other best browsers!”
– Wrong again, they will still be using IE, and although they are adding Block Pop-Ups, and a new Download Manager, the rest looks like crap. Also does not look like it has tabs.
MS still years behind.
http://www.osnews.com/story.php?news_id=5389
Oh, Secunia…. wherefore art thou? Don’t have a fix for this? Why not? Spending too much time focusing on finding <potential> security issues with the Mac OS that have produced not a single disabled computer to date while M$ machines continue to swim in a sea of trojans/virii/worm exploits that are now of the Titanic type? Looks like you’re missing the boat, here, Secunia…
I must share my observations…
As I pass through the “academic” and “IT” world the overwhelming message is to create online applications for the .NET framework and MSIE. Of course the applications must run on a IIS Windows server. These two communities have invested all of their shared resources (knowledge and financial) in the Microsoft arena.
The most interesting portion is if you bring up any concepts outside of MS they freak-out. Change scares the pants off of these people more then the reality that the system them base their careers on is flawed.
Perhaps as more and more of the IT world have their home machines destroyed just by surfing they may begin to realize the folly they are living…
… a side note the only troubleshooting help I give my PC friends any more is..
1. Buy a Mac
or
2. Trash IE
for everything else you are on your own…
�
It is starting to have a real effect. I just got an IM from my PC using sister. She asked what I knew about Opera and I recommended that she also look at firefox. Then she said that if she the money, she would seriously consider buying a Mac.
At the very least, I believe the days of IE dominating the browser landscape are numbered. My sister is in no way tech savvy though she does know quite a bit about using her Windows box. The fact that she is looking for alternatives is very striking to me.
I just spent the morning removing IE and Outlook Express from my wife’s Dell laptop, and replacing them with Firefox and Thunderbird, respectively. If M$ isn’t going to fix their non-standard, non-secure OEM software, she’s not going to use it.
Now, if only I could replace XP with OSX…
“As I pass through the “academic” and “IT” world the overwhelming message is to create online applications for the .NET framework and MSIE. Of course the applications must run on a IIS Windows server. These two communities have invested all of their shared resources (knowledge and financial) in the Microsoft arena.”
I thought the same thing at my Fortune 500 company, but somehow, amazingly, incredibly, development direction changed from .Net to J2EE/IBM Websphere, along with an increased emphasis on Unix. Now we’ll see how pissed off Gates and Ballmer are and if they’ll play hardball.
No word about Mac OS X Server, but at least it’s a move in the right direction.
Just glad to be on a Mac, the “Zero Tolerance for crapware” Platform.
Great article on why Macs are more secure:
http://daringfireball.net/2004/06/broken_windows
Copies of copies… geeeesh!!!
MDN: I think it is very poor journalism to point to an article that is merely a copy of the original. Give credit where it is really due, to the originator!!
The ORIGINAL article is at Reuters.com by Duncan Martell.
Specifically, it’s at…
http://www.reuters.com/newsArticle.jhtml;jsessionid=5QSU1NPZJXVNSCRBAEOCFFA?type=technologyNews&storyID=5519887
MDN: I think it is very poor journalism to point to an article that is merely a copy of the original. Give credit where it is really due, to the originator!!
Seems like free alternate browsers need to be better advertised on web pages. Also it might be a good story for news networks, but they probably wont carry the story since theyre mostly idiots and MS apologists.
Aryugaetu-
thats why its has ” ” ‘s around the whole thing and it has a link to the full article
You are wrong, “O”, it links to Boston.com not Reuters.com.
I use a PC developing software for Reuters. I have some weird adware problem at the moment, only when using IE.
So I’ve installed Firefox and it rocks.
It’s a shame that some Reuters intranet stuff still requires IE.
Jack A, the Broken Windows article ignores the fact that Windows was not written with security in mind, and thus has many vulnerabilities, but Unix is very secure. There are very real differences that have nothing to do with market share or ‘zero tolerance.’
I agree that Windows is like a bad neighborhood, in the sense that people imagine they are saving money by buying PCs but don’t take in to account all the security expenses, like bars on windows, house alarms, car alarms, dogs and pricier insurance rates. And with all this, still suffering vandalism from time to time. Switching to a Mac could be analogous to moving from the inner city to the suburbs, in terms of security concerns. Mixed metaphors I know, just sayin’.
Less is More said…
“Sorry to be so repetitive, but it wil be worth it if it saves one hapless soul from doom. Users of Internet Explorer on Windows:Dump your browser, trash it — immediately (download Firefox first). This could save you a world of grief!”
My PC buddies are like lemmings. No matter how much i tell them, they look at me like deer in the headlights… Wham!!!
[url=http://www.phenomi.net]http://www.phenomi.net[/url]
Hey, not to worry!
M$ will soon release AV software to protect Window$ from all these malicious attacks – at the bargain basement price of $399.
hahaha, they’ll find a way to your dollars sooner or later all you Window$ users!?!?!?