News.Com: Web site virus attack blunted.
“The attack, which had turned some Web sites into points of digital
infection was nipped in the bud on Friday, when Internet engineers
managed to shut down a Russian server that had been the source of
malicious code for the attack.” Link via Tomalak’s Realm
Archive | June 25, 2004
Surfing the web or providing web pages with Microsoft products? Stop.
InfoWorld: Top News reports: “Web attack aims to steal surfers’ financial details.
A new Internet attack discovered late Thursday was designed by an
infamous group of Russian virus writers to steal credit card and other
financial information from Web surfers and send it to Web sites where
it can be retrieved by hackers, security experts warned Friday.” The
key paragraphs:
have said that the attack only affects users of certain versions of
Microsoft Corp.’s Internet Explorer browser…
Additionally, Cluley said that it appears that the threat only affects
Web servers running Microsoft IIS 5 (Internet Information
Services) Web Server software and not Microsoft IIS 6, which comes with
Windows 2003 Server.”
Make sure you’ve patched IIS with the
Sasser patches. Raise the shields high on IE, or better yet, get a
secure browser. According the article, some *major* sites have been
hacked, so watch those credit card bills!
Update: According to this article on Netcraft, the trojan can be installed silently on fully-patched versions of Internet Explorer. Until the extent of the exploit is known, you may want to hold off surfing with IE.