DelMonte
Jun 25th, 2004, 04:13 PM
Sorry to post this in gen messages but this is where most people post. You can find the full article at: http://news.bbc.co.uk/1/hi/technology/3840101.stm
Web browser flaw prompts warning
Microsoft has issued advice about the loophole
Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.
The loophole is being exploited to open a backdoor on a PC that could let criminals take control of a machine.
The threat of infection is so high because the code created to exploit the loophole has somehow been placed on many popular websites.
Experts say the list of compromised sites involves banks, auction and price comparison firms and is growing fast.
Serious problem
The net watchdog, the US Computer Emergency Reponse Center, and the net security monitor, the Internet Storm Center, have both issued warnings about the combined threat of compromised websites and browser loophole.
Cert said: "Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."
In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other then MS Internet Explorer until the current vulnerabilities in MSIE are patched."
CHECKING FOR INFECTION
Click the Start button and then click on Search
Make sure you choose the option to look through all files and folders
Search for files called Kk32.dll and Surf.dat
If infected use up to date anti-virus software to remove the malicious code
So far it is unclear how the malicious code that exploits the weakness in Microsoft's Internet Explorer has been inserted on popular websites.
What is known that any Windows 2000 Server that does not have the MS04-011 security update installed and is running Internet Information Server could be at risk.
The virulent Sasser worm exploited loopholes closed by this update so many servers are likely to be patched against the problem.
Infected servers are adding a malicious chunk of Javascript to all the web, gif and jpg files served up to anyone browsing the sites they host.
When loading on a browsing PC, this chunk of code might trigger a Windows error message.
Once downloaded the code redirects a browser to a Russian website which tries to install a program that opens a backdoor into the PC.
Some net service firms have started blocking access to this Russian site.
Web browser flaw prompts warning
Microsoft has issued advice about the loophole
Users are being told to avoid using Internet Explorer until Microsoft patches a serious security hole in it.
The loophole is being exploited to open a backdoor on a PC that could let criminals take control of a machine.
The threat of infection is so high because the code created to exploit the loophole has somehow been placed on many popular websites.
Experts say the list of compromised sites involves banks, auction and price comparison firms and is growing fast.
Serious problem
The net watchdog, the US Computer Emergency Reponse Center, and the net security monitor, the Internet Storm Center, have both issued warnings about the combined threat of compromised websites and browser loophole.
Cert said: "Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."
In its round-up of the threat the Internet Storm Center bluntly stated that users should if possible "use a browser other then MS Internet Explorer until the current vulnerabilities in MSIE are patched."
CHECKING FOR INFECTION
Click the Start button and then click on Search
Make sure you choose the option to look through all files and folders
Search for files called Kk32.dll and Surf.dat
If infected use up to date anti-virus software to remove the malicious code
So far it is unclear how the malicious code that exploits the weakness in Microsoft's Internet Explorer has been inserted on popular websites.
What is known that any Windows 2000 Server that does not have the MS04-011 security update installed and is running Internet Information Server could be at risk.
The virulent Sasser worm exploited loopholes closed by this update so many servers are likely to be patched against the problem.
Infected servers are adding a malicious chunk of Javascript to all the web, gif and jpg files served up to anyone browsing the sites they host.
When loading on a browsing PC, this chunk of code might trigger a Windows error message.
Once downloaded the code redirects a browser to a Russian website which tries to install a program that opens a backdoor into the PC.
Some net service firms have started blocking access to this Russian site.