|
04 Jul 04 - 02:37 AM (#1219136) Subject: Tech: Microsoft issues new Patch From: Stilly River Sage http://support.microsoft.com/default.aspx?kbid870669
NEW YORK - Microsoft Corp. issued an interim security update Friday to protect users of its nearly ubiquitous Internet Explorer browsers from a new technique for spreading viruses. The update does not entirely fix the flaw that makes the spread possible, but it changes settings in Windows operating systems to disable hackers' ability to deliver malicious code with it. The security measure came in response to last week's discovery of a computer virus designed to steal valuable information like passwords. Though its outbreak was mild, security experts said the technique for spreading it was novel and could be used to send spam or launch broad attacks to cripple the Internet. Hackers had converted hundreds and possibly thousands of Web sites into virus transmitters by first hiding malicious code using a vulnerability with Microsoft's software for operating Web sites. A fix for it had been issued in April but was not universally applied. Two other flaws in Microsoft products allowed hackers to direct Internet Explorer browsers to automatically run the virus when visiting an infected site. Though one of those flaws remains unfixed, Friday's setting changes thwart any attack by prohibiting a Web application from writing files - such as the virus code - onto users' computers. . . you'll find the rest of this online in many places; it's an AP story. SRS |
|
04 Jul 04 - 03:50 AM (#1219144) Subject: RE: Tech: Microsoft issues new Patch From: JohnInKansas This is the response to the "Scob" virus, discovered last Thursday. (More description at Mudcat Spyware.) Scob attacks/infects servers and requires three separate vulnerabilities to be successful at the server level. Two of the three vulnerabilities were "patched" several months ago, but servers where the old patches were not applied could download the "applet" to users. The junk that's downloaded to most users is technically not a virus - it's just a Java program script. The script connected to either of two sites to download a spyware program. Neither the applet that's embedded in a web page nor the spyware that's the end result is detected by ANY AV or AntiSpyware programs (as of yesterday) and cannot be removed by any of the common AntiSpyware programs, so it is "dangerous;" but thus far it was not widely distributed. The apparent purpose of the malware that was the end result was identity theft (keystroke logging), which of course can be a very real problem for anyone on whom it's successful. The "fix" that was widely publicised in the news media, cited above, allows users to "turn off" one of the Java functions needed for execution of the "nasty stuff" that's the payload for this one. There's a new one every week - and about three "copy cat" versions of each new one about a week later, so more of the same may be expected. John |