Infection is spreading via an unknown vulnerability in IE!


  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

Kaspersky Labs, a leading information security software developer, announces a new case of mass infection, caused by a combination of malware and unsanctioned access to computer systems. Web servers running Microsoft Internet Explorer (ISS) 5 are affected, and individual computers will become victims when the user views an infected site using Internet Explorer.

An unusual method is used to infect victim machines. Web servers are compromised using a JavaScript Trojan, Trojan.JS.Scob.a. It is not yet clear whether the servers have been compromised via a new vulnerability, or an already documented one.

When Internet Explorer is used to view a site on an infected server, the Trojan will take control of the victim machine, and redirect the browser to a site containing a PHP script. This is done using an unknown vulnerability in Internet Explorer. A version of Backdoor.Padodor (w, x, y, or z) will then be installed on the victim machine. This spy program enables full remote control over victim machines.

Padodor's code contains the line 'Coded by HangUpTeam', leaving no doubt as to the author's identity. The use of this program makes it likely that the current attack was initiated by the HangUp Team, an internationally known group of hackers and virus writers. The group is responsible for a number of malicious programs, including the recent Padobot worm, aka Korgo. This worm attacks victim machines by exploiting a vulnerability in Windows LSASS, and receives remote commands via IRC channels.

The HangUp Team was founded by three inhabitants of Archangel, Russia. In 2000, they were arrested and placed on probation for creating and distributing malicious code. However, the HangUp Team is still active, and has members from throughout the former Soviet Union, and possibly from other countries. The group is also notorious for its strong ties with the spamming industry, which uses networks of zombie machines created by the HangUp Team. Such networks are created using Trojans: once a proxy-server is configured, these networks can be used as spamming platforms.

'We may be talking about a zero-day exploit here - a vulnerability which no-one knows about, and which there is no patch for. The hackers may have discovered the vulnerability themselves, or paid for the information, and compromised IIS servers around the world in order to distribute this Trojan spy program. We have been predicting such an incident for several years: it confirms the destructive direction taken by the computer underground, and the trend in using a combination of methods to attack. Unfortunately, such blended threats and attacks are designed to evade the protection currently available,' commented Eugene Kaspersky, head of Anti-Virus Research at Kaspersky Labs.

Updates for Kaspersky Labs anti-virus databases already contain definitions of Trojan.JS.Scob.a, variants.x, .y., z and Backdoor.Padodor.



  • Peca
  • Head Administrator
  • Predrag Damnjanović
  • SysAdmin and programmer
  • Joined: 17 Apr 2003
  • Posts: 23211
  • Location: Niš

Quote: Web servers running Microsoft Internet Explorer (ISS) 5 are affected

Looks like the vodka went to Denis's head a bit :)


