 technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

New Internet Explorer flaw turns trusted sites into virus injectors


July 4, 2004


By Al Fasoldt
Copyright © 2004, Al Fasoldt
Copyright © 2004, The Post-Standard

   Hackers sent a chill across the Web last week when they engineered a way to take over Microsoft-designed Web servers to spread a virus onto Windows PCs. The virus was planted on Windows computers when they visited Web sites that had been attacked.
   Macintosh computers were not affected, nor were Linux systems.
   The virus, called the Scob Trojan, was inserted into Windows computers that were running Microsoft's standard Web browser, Internet Explorer. The Scob Trojan then started logging keystrokes on the infected Windows computer with the aim of collecting passwords and financial data.
   The stolen data was then passed along to an Internet site in Russia run by a criminal hacker group named HangUP. The data was being collected to be sold on the hacker black market. Security experts quickly shut down all electronic traffic to the Russian site, but are concerned that other virus writers will now mimic the design of the Scob Trojan and launch new attacks.
   It's not known how the attackers were able to take control of the Web servers, all of which were running Microsoft's Internet Information Services (IIS) software. More than 6 million Web servers run IIS software, and researchers say 650 were taken over last week.
   The breach in IIS security is considered extremely grave, given the way hackers forced the IIS systems to become virus servers. Basically, when a Windows PC running Internet Explorer asked for a page from one of the hacked Web sites, it got both the page and the Scob Trojan at the same time. There was no outward sign that anything was amiss.
   Internet experts pointed out that the infected Web sites were all standard sites -- all "trusted sites," in the words of one of the security experts.
   This much was known as of midweek:
   Only Windows computers are affected, and only if they use Internet Explorer. Although most Windows users stick with Internet Explorer, there are alternative Web browsers that are much safer. These include Opera, from www.opera.com, and Mozilla Navigator and Mozilla Firefox, from www.mozilla.org.
   There is no fix for the problem yet. Microsoft says an as-yet unreleased service pack for Windows XP should block the Scob Trojan, but otherwise it says only that Internet Explorer users should turn security settings to their highest level. That setting blocks access to legitimate sites and would not work for many users.
   The version of Internet Explorer used on Macintosh computers is safe. Apple Computer's own browser, Safari, is also safe. Apple's Macintoshes do not work the way Windows computers do, and viruses aren't able to get the same kind of foothold on Macs.
   Some Windows experts urged users to stop running Internet Explorer. Paul Thurrott, a longtime Microsoft expert, told his newsletter readers that Internet Explorer "is buggy, insecure, and one of the most obvious attack vectors for people who want to compromise Windows. My advice? Use Mozilla, Mozilla Firefox, or Opera instead of Internet Explorer."
   Web servers other than IIS were not vulnerable to this attack. The most common Web server worldwide is Apache, created as an Open Source project and continually updated. To find out what Web server any site is running on, use the free Netcraft site survey at http://uptime.netcraft.com/up/graph.