Windows Scob virus collects passwords, financial data; Macintosh unaffected

“Hackers sent a chill across the Web last week when they engineered a way to take over Microsoft-designed Web servers [IIS] to spread a virus onto Windows PCs. The virus was planted on Windows computers when they visited Web sites that had been attacked. Macintosh computers were not affected…,” Al Fasoldt reports for The Syracuse Post-Standard.

“The breach in IIS security is considered extremely grave, considering the way hackers forced the IIS systems to become virus servers. Basically, when a Windows PC running Internet Explorer asked for a page from one of the hacked Web sites, it got both the page and the Scob Trojan at the same time. There was no outward sign that anything was amiss. Internet experts pointed out that the infected Web sites were all standard sites – all ‘trusted sites,’ in the words of one of the security experts,” Fasoldt reports. “… [The Scob Trojan works by] logging keystrokes on the infected Windows computer with the aim of collecting passwords and financial data.”

“This much was known as of midweek: Only Windows computers are affected… if they use Internet Explorer… There is no fix for the problem as of yet… The version of Internet Explorer used on Macintosh computers is safe. Apple Computer’s own browser, Safari, is also safe. Apple’s Macintoshes do not work the way Windows computers do, and viruses aren’t able to get the same kind of foothold on Macs… Web servers other than IIS were not vulnerable to this attack,” Fasoldt reports.

Full article here.

19 Comments

  1. What I’d like to know are the names of some of the “hacked”, “trusted” websites that are running IIS and have become virus servers? I know they don’t want their names publicized, but I think the public has the right to know who infected Grandma’s Winblows PeeCee.

  2. Even Slate (MS publication) recommended Firefox over IE. Disbanding the IE team and halting the IE development are the stupidest thing MS has done in a long time. When you know that your app is left behind and is full of security holes, you really should not stop develoing it even when it makes no money for you. Problems like this only make people think Microsoft is synonym with swiss cheese security. They may ignore it once or twice, but eventually even the die hard MS fanboys are forced to acknowledge the problem.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.