VIRUS WARNING*Large-Scale Attack Hits Thousands of Sites

Mike Panic · 06-27-2004, 08:46 AM

More info:

http://news.com.com/Corporate+Web+se...l?tag=nefd.top

MS info page:

http://www.microsoft.com/security/in...load_ject.mspx

To determine if the malicious code is on your computer, search for the following files:

Kk32.dll
Surf.dat

Steps for Windows XP users:

On the taskbar at the bottom of your screen, click Start, and then click Search.
Under What do you want to search for? click All files and folders.
Under All or part of the file name:
type: Kk32.dll
and then click the Search button.
Under All or part of the file name:
type: Surf.dat
and then click the Search button.

If either of these files is present, your computer may be infected.

Web Virus May Be Stealing Financial Data
New Scheme Causes Web Sites to Spread the Bug
By ANICK JESDANUN, AP

NEW YORK (June 26) - A computer virus designed to steal valuable information like passwords spread Friday through a new technique that converted popular Web sites into virus transmitters.

Though the impact of the ''Scob'' outbreak was mild compared with recent infections like ''Sasser'' and ''Blaster,'' security experts worried about its method of delivery.

With Scob, virus writers have discovered yet another way - beyond e-mail and network techniques - of distributing their malicious code.

Now that the exploit is out, it won't be long before others adapt it for spamming and for launching broad attacks to cripple the Internet, said Alfred Huger, senior director of engineering at security company Symantec Corp.

The infection, first discovered by Microsoft Corp. on Thursday, appears to take advantage of three separate flaws with Microsoft products and can be difficult to detect.

????: NamePros.com http://www.namepros.com/warnings-and-alerts/36156-virus-warning-large-scale-attack-hits.html
Stephen Toulouse, a security program manager at Microsoft, said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch available yet.

He recommended that computer owners obtain the latest security updates for Microsoft products and their anti-virus and firewall programs. For the flaw that lacks a patch, he said, users should also turn up security settings on Microsoft's Internet Explorer browsers to the highest levels.

Users could also turn off the ''JavaScript'' feature on their Microsoft browsers, though doing so could cripple functions on some sites.

The virus does not affect Macintosh versions of Internet Explorer, nor does it spread through non-Microsoft browsers like Mozilla and Opera.

Users can search their computers for the files ''Kk32.dll'' or ''Surf.dat'' to see if they are infected. Removal tools are available from major anti-virus vendors.
????: NamePros.com http://www.namepros.com/showthread.php?t=36156

Experts said the infection was unusually broad but wasn't substantially interfering with Internet traffic.

The U.S. Computer Emergency Readiness Team warned that any Web site, even those trusted by users, might be a vector for spreading the virus.

Security experts worked Friday to pin down how hackers managed to infect hundreds and possibly thousands of Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites, called Internet Information Server.

Hackers made subtle changes to the Web site so visitors get a piece of code that's designed to retrieve, from a Russian Web site, software that records a person's keystrokes.

Such data, which can include credit card numbers, bank accounts and passwords, are collected for remote delivery to hackers, experts say.

The virus, however, does not attempt to spread itself, helping to limit its effect.

Web sites have been used before to spread a form of spyware called ''browser hijackers.'' One, known as Qhosts, disables access to major search engines and resets the Internet Explorer browser home page to a little-known site.

But those typically have involved ''users having been visiting shady sites,'' Chris Kraft, senior security analyst at Sophos Inc. Here, hackers plant the code on business, government and other everyday sites they do not normally control.

''This is kind of ingenious,'' Kraft said.

Mr. Websites · 06-27-2004, 09:07 AM

Damn, that sucks. These guy's are getting smarter by the day.

aww · 06-27-2004, 09:13 AM

Actually its a trojan not a virus.
Earlier thread here:
http://namepros.com/showthread.php?threadid=36014

netPH · 06-27-2004, 12:44 PM

warning:

keep away from Spacecraft.ru site, I was victimized yesterday, it spreads somekind of trojan stuffs... if you'll attempt to, then better prepare a powerful anti-virus

Shan · 06-27-2004, 01:12 PM

Thanks for the warning. I saw about this virus on MSNBC 4 news, and they said that the security experts weren't willing to give out the websites the virus was on. That really sucks!

Scott · 06-27-2004, 01:13 PM

Moral of the story? Don't use IE.

axilant · 06-27-2004, 01:19 PM

Quote:

Originally posted by qxh
Moral of the story? Don't use IE.

lol... my dad wont let me use nothing but ie

Mr. Websites · 06-27-2004, 01:34 PM

What? Your dad puts restrictions as to what browser you can use?

DJ-Sound · 06-27-2004, 01:54 PM

lol

To help prevent Virus: NEVER follow any instruction on how to get a Virus off your computer (cause by deleating a important file bad things happen, thats the Virus), deleate your temp. internet files often. Always update your norton antiVirus and be cautious on what sites you visit. NEVER open a e-mail with a attachment unless you are expecting that e-mail.

To help prevent popups: try to never download anything from the net, period! Don't click yes to any thing when visiting a website. Popups that are not blocked by your alexa or google toolbar are not from the net essently, they are Viruses that guranteed traffic companys place on your computer by adding the software with free downloads and websites all over the net.
????: NamePros.com http://www.namepros.com/showthread.php?t=36156

some tips........

Darkfire001 · 06-27-2004, 06:01 PM

Never Open E-Mail Attacthments unless you are 100% sure it is safe. Also, use a Virus Scanner

And the most important thing, BE PARANOID. If you think its bad, dont chance it.

Blackpanther · 06-28-2004, 07:36 AM

And always keep a backup copy of your important files.. and try to become aware of the types of files running in memory that way if a strange file pops up somewhere you know how to treat it..

06-27-2004, 08:46 AM	THREAD STARTER #1 (permalink)
Mike Panic NamePros Member Join Date: Apr 2004 Posts: 121	VIRUS WARNING*Large-Scale Attack Hits Thousands of Sites More info: http://news.com.com/Corporate+Web+se...l?tag=nefd.top MS info page: http://www.microsoft.com/security/in...load_ject.mspx To determine if the malicious code is on your computer, search for the following files: Kk32.dll Surf.dat Steps for Windows XP users: On the taskbar at the bottom of your screen, click Start, and then click Search. Under What do you want to search for? click All files and folders. Under All or part of the file name: type: Kk32.dll and then click the Search button. Under All or part of the file name: type: Surf.dat and then click the Search button. If either of these files is present, your computer may be infected. Web Virus May Be Stealing Financial Data New Scheme Causes Web Sites to Spread the Bug By ANICK JESDANUN, AP NEW YORK (June 26) - A computer virus designed to steal valuable information like passwords spread Friday through a new technique that converted popular Web sites into virus transmitters. Though the impact of the ''Scob'' outbreak was mild compared with recent infections like ''Sasser'' and ''Blaster,'' security experts worried about its method of delivery. With Scob, virus writers have discovered yet another way - beyond e-mail and network techniques - of distributing their malicious code. Now that the exploit is out, it won't be long before others adapt it for spamming and for launching broad attacks to cripple the Internet, said Alfred Huger, senior director of engineering at security company Symantec Corp. The infection, first discovered by Microsoft Corp. on Thursday, appears to take advantage of three separate flaws with Microsoft products and can be difficult to detect. ????: NamePros.com http://www.namepros.com/warnings-and-alerts/36156-virus-warning-large-scale-attack-hits.html Stephen Toulouse, a security program manager at Microsoft, said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch available yet. He recommended that computer owners obtain the latest security updates for Microsoft products and their anti-virus and firewall programs. For the flaw that lacks a patch, he said, users should also turn up security settings on Microsoft's Internet Explorer browsers to the highest levels. Users could also turn off the ''JavaScript'' feature on their Microsoft browsers, though doing so could cripple functions on some sites. The virus does not affect Macintosh versions of Internet Explorer, nor does it spread through non-Microsoft browsers like Mozilla and Opera. Users can search their computers for the files ''Kk32.dll'' or ''Surf.dat'' to see if they are infected. Removal tools are available from major anti-virus vendors. ????: NamePros.com http://www.namepros.com/showthread.php?t=36156 Experts said the infection was unusually broad but wasn't substantially interfering with Internet traffic. The U.S. Computer Emergency Readiness Team warned that any Web site, even those trusted by users, might be a vector for spreading the virus. Security experts worked Friday to pin down how hackers managed to infect hundreds and possibly thousands of Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites, called Internet Information Server. Hackers made subtle changes to the Web site so visitors get a piece of code that's designed to retrieve, from a Russian Web site, software that records a person's keystrokes. Such data, which can include credit card numbers, bank accounts and passwords, are collected for remote delivery to hackers, experts say. The virus, however, does not attempt to spread itself, helping to limit its effect. Web sites have been used before to spread a form of spyware called ''browser hijackers.'' One, known as Qhosts, disables access to major search engines and resets the Internet Explorer browser home page to a little-known site. But those typically have involved ''users having been visiting shady sites,'' Chris Kraft, senior security analyst at Sophos Inc. Here, hackers plant the code on business, government and other everyday sites they do not normally control. ''This is kind of ingenious,'' Kraft said. __________________ iPhotoForum.com The Definitive Photography Community PimpMyCase.com \| FontsnMore.com GetTipsy.com Free Drink Recipes & Mixes

06-27-2004, 12:44 PM	#4 (permalink)
netPH Senior Member Join Date: Nov 2003 Location: PH Posts: 3,027	warning: keep away from Spacecraft.ru site, I was victimized yesterday, it spreads somekind of trojan stuffs... if you'll attempt to, then better prepare a powerful anti-virus __________________ I am :cool:

06-27-2004, 06:01 PM	#10 (permalink)
Darkfire001 Senior Member Join Date: May 2003 Posts: 2,123	Never Open E-Mail Attacthments unless you are 100% sure it is safe. Also, use a Virus Scanner And the most important thing, BE PARANOID. If you think its bad, dont chance it. __________________ Reichelt Solutions

06-27-2004, 09:07 AM	#2 (permalink)
Mr. Websites Senior Member Join Date: May 2004 Location: Toronto Posts: 2,308	Damn, that sucks. These guy's are getting smarter by the day.

06-27-2004, 09:13 AM	#3 (permalink)
aww Senior Member Join Date: Jan 2004 Posts: 1,187	Actually its a trojan not a virus. Earlier thread here: http://namepros.com/showthread.php?threadid=36014

06-27-2004, 01:12 PM	#5 (permalink)
Shan Senior Member Join Date: Apr 2004 Posts: 1,747	Thanks for the warning. I saw about this virus on MSNBC 4 news, and they said that the security experts weren't willing to give out the websites the virus was on. That really sucks!

06-27-2004, 01:13 PM	#6 (permalink)
Scott Senior Member Join Date: Jun 2003 Location: UK Posts: 3,547	Moral of the story? Don't use IE.

06-27-2004, 01:34 PM	#8 (permalink)
Mr. Websites Senior Member Join Date: May 2004 Location: Toronto Posts: 2,308	What? Your dad puts restrictions as to what browser you can use?

06-27-2004, 01:54 PM	#9 (permalink)
DJ-Sound Senior Member Join Date: May 2004 Posts: 1,814	lol To help prevent Virus: NEVER follow any instruction on how to get a Virus off your computer (cause by deleating a important file bad things happen, thats the Virus), deleate your temp. internet files often. Always update your norton antiVirus and be cautious on what sites you visit. NEVER open a e-mail with a attachment unless you are expecting that e-mail. To help prevent popups: try to never download anything from the net, period! Don't click yes to any thing when visiting a website. Popups that are not blocked by your alexa or google toolbar are not from the net essently, they are Viruses that guranteed traffic companys place on your computer by adding the software with free downloads and websites all over the net. ????: NamePros.com http://www.namepros.com/showthread.php?t=36156 some tips........

06-28-2004, 07:36 AM	#11 (permalink)
Blackpanther NamePros Regular Join Date: Aug 2003 Location: Scotland, UK Posts: 304	And always keep a backup copy of your important files.. and try to become aware of the types of files running in memory that way if a strange file pops up somewhere you know how to treat it..

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

**VIRUS WARNING***Large-Scale Attack Hits Thousands of Sites

VIRUS WARNING*Large-Scale Attack Hits Thousands of Sites