 News Menu |
|
|
| Site Menu |
|
|
| Site Affiliates |
|
|
| Advertisements |
|
|
|
|
|
|
| |
A Download.Ject-style worm which spreads through instant messages is spreading across the Net, according to intrusion prevention firm PivX.
The as-yet unnamed worm arrives as an innocuous looking instant message on AIM or ICQ which says: "My personal home page [url]http://XXXXXXX.X-XXXXXX.XXX/".[/url] This link takes users to a one of a number of sites hosted in Uruguay, Russia and the US, from which a Trojan horse program is downloaded. These websites contains exploit code designed to infect surfers by taking advantages of a variety of well known IE exploits (such as Object Data, Ibiza CHM and MHTML Redirect).
Infection will modify a user's home page to a site called TargetSearch. The setting of an infected user's browser will also be changed to open up several browser windows displaying adult advertisement and referral links every time IE is loaded, according to preliminary analysis of the worm.
The scope of the worm's spread is unclear but early analysis hasn't revealed any of the key logging features that made the original Download.Ject worm such a menace.
On 24 June many websites running IIS 5 were infected with malicious JavaScript code called Download.Ject. Websites running the latest versions of Microsoft IIS were unaffected. Users visiting a website contaminated with Download.Ject activated a script that downloaded a Trojan horse (called Berbew) from a website in Russia.
 View: The Register
|
| There are 0 additional comments, Post a comment | View printable post | Open/Close All Comments |
|
|
|
|
Recent 
Recent 
Announcement
