SECURITY
Web site infection still active
28-06-2004
by Craig Liddell
Software giant Microsoft has claimed that an attack which infected several Web servers and sites is under control, but security experts are not convinced.
Web servers and sites remain infected following the widespread attack, but Microsoft said the Russian hacker site that was the source of the malicious code was shut down on Thursday. Compromised Web sites are still attempting to infect PCs by referring them to the server in Russia, but that computer can no longer be reached.
Microsoft said on Saturday that the company is "unaware of any widespread customer impact based on Download.Ject."
The software giant also confirmed that this attack exploited a vulnerability in Internet Explorer to deliver malicious code to visitors of an affected Web site. The company has been working with Internet service provider partners to shut down the malicious URLs. MSN is also scanning for and blocking malicious URLs.
Unlike viruses that spread by e-mail, Download.Ject was propagated by users visiting an infected Web site, which can install a Trojan or keystroke logger that allows hackers access to PCs, according to security experts. They have warned that the program could be used to steal financial information and e-mail passwords.
"Internet Explorer customers are no longer at risk from that particular attack source as of Thursday evening," Microsoft said on Saturday.
But security experts have warned that while the immediate threat has been removed by taking the Russian Web site off-line, hackers could adjust the code and continue infecting PCs. The IP address directing users to the Russian server could easily be changed in future variants.
Conor Flynn, technical director with Rits Information Security in Dublin, says a number of Web servers and sites are still infected. He believes the problem won't be fixed until the source of the code is revealed and Microsoft fixes the vulnerability in Internet Explorer.
The fear is rooted in the fact that there is no patch from Microsoft for the flaws in Internet Explorer, nor is there an indication that a patch is on the verge of being released.
Non-profit information security organization the SANS Institute has also noted that "while the majority of traffic [resulting from the attack] has died down, we are still receiving reports of administrators finding log files with indicators of msits.exe download."
Another reason why hackers may continue to exploit the vulnerability is the ongoing confusion about how the servers, and the Web sites hosted on them, became infected in the first place.
Microsoft said on Saturday that it is currently "working with law enforcement and industry partners to identify the individuals or entities responsible for a new Internet attack, known as Download.Ject, and bring those responsible for this criminal act to justice."










