By Robert MacMillan washingtonpost.com Staff Writer
Friday, June 25, 2004; 9:40 AM
It looks like the Internet is turning into a world wide minefield this morning.
Internet security companies and cybersecurity experts in the federal government are warning computer users to guard against a new online attack that can affect PCs running the Windows operating system. What makes this latest threat particularly scary is that computers can be affected just by visiting a Web site that has been compromised by hackers.
"The virus-like infection tries to implant hacker software onto the computers of all Web site visitors. Industry experts and the Homeland Security Department were studying the infection to determine how it spreads across Web sites and find adequate defenses against it," reported the Associated Press in a story that was picked up by most of the general-interest news Web sites this morning. The AP also cited an alert issued last night by government cybersecurity experts: "Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code."
Kudos to the AP for taking a realistic approach to the story. The news service quoted cybersecurity expert Marcus Sachs as saying that the incident is significant but "has no impact on the operation of the Internet." (Which you, Filter reader, could probably ascertain if you're able to read this column on your computer.) Nevertheless, the AP story falls into a familiar refrain that plagues many cybersecurity accounts: It's a really, really, really serious problem and your computer will be fried if you don't do something about it, but relax. The AP, for instance, followed that calming news from Sachs with this: "Experts urgently recommended consumers and corporate employees to update the antivirus software on their computers, since the latest versions can immunize visitors to infected Web sites."
The Associated Press via washingtonpost.com: Experts Study Developing Internet Attack (Registration required)
Hit the Panic Button
CNET's News.com painted its picture in somewhat darker tones, citing nervous cybersecurity experts: "The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer. The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site. 'It is not epidemic, but it is being seen,' said Alfred Huger, senior director of engineering for security company Symantec. 'Do we think it is serious? Yeah. It's a concern and it's insidious.'"
CNET's News.com: Corporate Web Servers Infecting Visitors' PCs
IDG News Service via InfoWorld: New Attack Hitting Web Users Through Major Sites
Get Out of the Cyberspace!
So which sites should we avoid? News.com delivers a most perplexing answer: "The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties. 'We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched,' the group stated on its Web site." Well thanks, guys, might as well keep us on our toes today...
Best quote of the day goes hands down to Brent Houlihan, chief technology officer of NetSec, who delivered this beaut to News.com: "I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now."
Now for the most important question: Where's Microsoft and what's it doing to fix this? The Internet Storm Center "pointed out that the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software. With no patch from Microsoft, that leaves Internet Explorer users vulnerable. A representative of the software giant was not immediately available for comment on when a patch might be available," News.com reported.
If you're a non-techie and you've made it this far into the soup, you're probably asking yourself, "Why would anybody waste their time injecting poisonous code into pictures on Web sites?" Thank heaven there's eWeek with an explanation: "Compromised PCs often are used by attackers to launch large-scale [denial-of-service] attacks against one or more targets. And they also are valued by spammers who like to install software that enables them to send large volumes of spam messages from the machines. Using dozens or hundreds of compromised PCs makes it virtually impossible for investigators to track attacks or spam back to the original source." See? It's all about the money. It goes to show that even socially maladjusted hackers and spammers share some common goals with the rest of us.
eWeek: Web Graphics Exploit Marching Across Internet