Antivirus experts and the U.S. Homeland Security (news - web sites) Department are warning of a mysterious virus that has attacked "thousands" of Web servers that power a number of popular Web sites, none of which the department has yet identified.
• Cabir Virus First To Attack Cell Phones
• Zafi.B: Virus of Babble
• Who's Getting Rich on Computer Viruses?
• Symantec Announces First 64-Bit Virus
• Why Are Virus Writers So Tough To Catch?
Newsletter Subscription
Related Quotes
MSFT
DJIA
NASDAQ
^SPC
28.28
10357.09
2019.82
N/A
-0.29
-14.75
-5.65
N/A
delayed 20 mins - disclaimer
Quote Data provided by Reuters
Called "Scob" or "Download.Ject" or "Toofer," the virus apparently implants malicious code onto unprotected PCs of visitors to these sites, thus turning the computers into zombies that can accept and send out spam.
"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. government warns.
Target: Internet (news - web sites) Information Server (news - web sites)
The virus apparently is targeting at least one version of Microsoft (Nasdaq: MSFT - news) software that operates many Web sites called "Internet Information Server."
Microsoft has posted a security alert about this. Also impacted, it says, are customers using Microsoft Internet Explorer. It does note that customers that have deployed Windows XP (news - web sites) Service Pack 2 RC2 are not at risk.
However, Web servers running Windows 2000 (news - web sites) Server and IIS that have not applied update 835732, "are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code," according to the Microsoft alert.
Anonymity Helpful
"This is yet another example of why Web site and corporate system administrators need to be on top of their security patches," Panda Software CTO Patrick Hinojosa told NewsFactor.
Not naming the infected Web sites, he added, is actually a good idea. "What could happen is that other hackers could then go into those sites to figure out how it was done," Hinojosa explained.
Besides, at this point, the system administrators of the sites probably have figured out if theirs was infected and are taking the appropriate steps to fix the flaw.
Original Post