New Internet Explorer Related Security Flaw

News of a new security flaw involving Internet Explorer 6, Windows XP, and IIS 5.0 web server is circulating. This particular exploit appends JavaScript to images served by compromised servers (which have had the "enable document footer" setting turned on); the script is downloaded automatically once the images are loaded. After the JavaScript is downloaded, the user's browser is redirected to a Russian site where msits.exe is downloaded and executed. After that, a keystroke logger is installed on the PC.

According to the Internet Storm Center, there is evidence that spammers are behind the attacks, as compromised machines are contacting a Russian network associated with spamming. The ISC update also includes a list of files that are installed on compromised IIS servers.

Microsoft has posted a bulletin on the attack, stating that those running Windows XP who have downloaded the latest critical security updates or are running Windows XP SP2 RC2 are not at risk. However, it is not yet apparent whether the IIS compromise is the result of a recently uncovered and unpatched flaw. Only users of IE 6 and IE-based browsers are at risk of downloading the malware; users of Mozilla, Opera, Firefox, Linux and Mac OS X are not affected by this exploit.

How to avoid infection

As it is not yet clear whether this issue has actually been addressed by Microsoft, it is suggested that you use a different browser and firewall 217.107.218.0/24 to prevent infection. Please note that, as of now, most antivirus companies do not yet detect this infection, so until your antivirus company releases a statement on it, do not assume that you are clean due to lack of detection.
According to SANS, here are the current scan results for the major antivirus companies:

BitDefender 7.0/20040624 nothing
eTrustAV-Inoc 4641/20040623 nothing
F-Prot 3.14e/20040624 nothing
Kaspersky 3.0/20040625 nothing
McAfee 4369/20040624 nothing
NOD32v2 1.794/20040623 nothing
Norman 5.70.01/20040512 nothing
Panda 7.02.00/20040624 nothing
Sybari 7.50.1138/20040624 [Win32.Webber]
Symantec 8.0/20040624 [Backdoor.Berbew.F]
TrendMicro 1.00/20040624 nothing

For more information, please see these sites:

SANS - Internet Storm Center
Security Focus
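
A server-side check for the symptom described at the top of this article, added here as an example and not taken from the original article, ISC or Microsoft: it walks a GIF's block structure to find where the image really ends and flags script text sent after that point. The function names, the 1x1 sample image and the placeholder footer are all constructed for illustration.

```python
# Added example: detect content appended after the real end of a served GIF.
# Function names and sample bytes are constructed for illustration.

def gif_end(data: bytes) -> int:
    """Return the offset just past the GIF trailer byte (0x3B)."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        flags = data[10]
        pos = 13                              # header + logical screen descriptor
        if flags & 0x80:                      # global colour table present
            pos += 3 * (2 << (flags & 0x07))
        while True:
            block = data[pos]
            if block == 0x3B:                 # trailer: image ends here
                return pos + 1
            if block == 0x21:                 # extension: introducer + label
                pos += 2
            elif block == 0x2C:               # image descriptor (10 bytes)
                local = data[pos + 9]
                pos += 10
                if local & 0x80:              # local colour table present
                    pos += 3 * (2 << (local & 0x07))
                pos += 1                      # LZW minimum code size
            else:
                raise ValueError("unknown GIF block")
            while data[pos]:                  # skip length-prefixed sub-blocks
                pos += data[pos] + 1
            pos += 1                          # zero-length terminator
    except IndexError:
        raise ValueError("truncated GIF") from None

def appended_footer(body: bytes) -> bytes:
    """Bytes the server sent after the image's own trailer."""
    return body[gif_end(body):]

def has_script_footer(body: bytes) -> bool:
    tail = appended_footer(body).lower()
    return b"<script" in tail or b"javascript" in tail

# Constructed 1x1 GIF and a harmless placeholder standing in for a footer.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00" b"\x00\x00\x00\xff\xff\xff"
             b"\x21\xf9\x04\x01\x00\x00\x00\x00"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" b"\x02\x02\x44\x01\x00\x3b")
FOOTER = b"<script>/* constructed placeholder */</script>"

if __name__ == "__main__":
    for name, body in (("clean", CLEAN_GIF), ("served", CLEAN_GIF + FOOTER)):
        print(name, len(appended_footer(body)), has_script_footer(body))
```

Run it against the bytes a client actually receives from the server rather than the file on disk, since a document footer is added at serve time.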