Corporate Servers Spreading IE Virus

ZDNet is reporting that corporate web servers are infecting visitors’ PCs. The combination of two unpatched Internet Explorer security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have ‘few options’ other than alternative browsers or platforms.

ZDNet Article Quotes
…the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.

“There’s a pretty wide variety,” he said. “There are auction sites, price comparison sites and financial institutions.”

Currently, researchers have two theories as to who is behind the attacks. The Internet Storm Center pointed to the similarities between these attacks and previous virus epidemics aimed at co-opting computers for use in illegal spam networks.

“There is quite a bit of evidence that what we are seeing is yet another technique for spreading and installing ‘spamware,’” the group stated on its site. “We don’t see any evidence that this attack is related to the construction of a DDoS (distributed denial of service) network or other type of typical zombie-based attack group.”

However, Symantec believes that the attacks last fall and in April, which the current one most resembles, were conducted by online organized crime groups from Russia. The theory is supported not only by the fact that the server storing the malicious code is in Russia, but also by the sophisticated nature of the attacks, Symantec’s Huger said.

“It’s a group of people that have resources to bring to play,” he said, adding that the attack programs were not amateur material. “The code wasn’t pulled off a Web site; it was custom.”

Microsoft’s Temporary Solution Link

My solution… use Mozilla Firefox or Opera for your browser. We’ve been using a Mozilla-based browser for about 18 months now and will not go back to Internet Explorer. Mac and Linux home users are, once again, unaffected by MSFT security holes.

This website is running on a Linux server so it is not affected by the latest round of attacks on Microsoft’s (security sieve type) web servers.

One thought on “Corporate Servers Spreading IE Virus”

  1. How to Tell If You Are Affected

    To determine if the malicious code is on your computer:

    1. On the taskbar at the bottom of your screen, click Start, and then click Search.

    2. Under What do you want to search for? click All files and folders.

    3. Under All or part of the file name: enter the following text to search for both of these files:

    Kk32.dll
    Surf.dat

    4. If either of these files is present, your computer may be infected. You can clean your computer by using up-to-date antivirus software, a key step in protecting your PC. You can obtain antivirus protection from the following software vendors participating in the Microsoft Virus Information Alliance:
    * Symantec
    * F-Secure
    * Computer Associates
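
The file-name check described in the comment above, scripted as an added example (not from the original post, the commenter, or Microsoft): it walks a directory tree, matches `Kk32.dll` and `Surf.dat` case-insensitively, and records size, modification time and SHA-256 for each match. The function names and the default `C:\` root are assumptions made for this example.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone

# File names from the comment above; matched case-insensitively because
# Windows file systems do not distinguish case.
INDICATOR_NAMES = {"kk32.dll", "surf.dat"}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so it is never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, names=INDICATOR_NAMES):
    """Return (hits, unreadable_dirs) for files under root named in names."""
    wanted = {n.lower() for n in names}
    hits, unreadable = [], []
    # onerror records directories os.walk could not list, so coverage gaps show.
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            if name.lower() not in wanted:
                continue
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
                mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                hits.append({"path": full, "size": st.st_size,
                             "modified": mtime.isoformat(),
                             "sha256": sha256_of(full)})
            except OSError as exc:
                # Locked or unreadable file: still report the name match.
                hits.append({"path": full, "error": str(exc)})
    return hits, unreadable


if __name__ == "__main__":
    found, skipped = sweep(sys.argv[1] if len(sys.argv) > 1 else "C:\\")
    for hit in found:
        print(hit)
    print(f"{len(found)} match(es), {len(skipped)} unreadable directories")
```

A name match is only an indicator, as the comment says; the recorded hash and timestamp give the antivirus scan or a responder something concrete to check, and any unreadable directories mark where the sweep has no coverage.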
