Sign Up: Free Daily Tech E-letter  
Technology Home
Washtech
Tech Policy
   -Copyright
   -Cybercrime
   -E-Taxes
   -FCC
   -ICANN
   -Security
Government IT
Markets
Columnists
Personal Tech
Special Reports
Jobs

Advertisement
Company Postings
Get Quotes
Press Releases
Tech Almanac

PC Users Warned of Infected Web Sites

Advertisement


E-Mail This Article
Print This Article
Permission to Republish
_____What You Can Do_____
How to Protect Your Computer (washingtonpost.com, Jun 25, 2004)
_____Filter_____
WWW.Danger.Net Clever hackers have come up with another way to harass users of the Windows operating system, devising a way to hijack computers that visit certain Web pages.
_____On the Web_____
SANS - Internet Storm Center Warning (Compromised Web Sites Infect Web Surfers)
US-CERT Alert (IIS 5 Web Server Compromises)
_____Cyber-Security_____
Web Worm Spreads, Slows Google Searches (washingtonpost.com, Jul 26, 2004)
Report Faults Cyber-Security (The Washington Post, Jul 23, 2004)
Advertiser Charged in Massive Database Theft (The Washington Post, Jul 22, 2004)
More Security News
___Tech Policy/Security E-letter___
Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week.
Click Here for Free Sign-up
Read E-letter Archive


By Brian Krebs
washingtonpost.com Staff Writer
Friday, June 25, 2004; 4:37 PM

Computer security experts and the federal government are warning Internet users to take extra precautions when browsing the Web after an Internet attack seeded Web sites with programs that hackers can use to steal personal information.

The attack is more dangerous than most, according to the government's US-CERT cybersecurity center, because infection is possible just by visiting affected Web sites, according to US-CERT, a division of the U.S. Department of Homeland Security.

The attackers, whose identities are unknown, targeted a flaw in Web sites powered by Microsoft's Internet Information Services Web server (IIS). The sites hit by the attack were programmed to redirect the Explorer browser to another Web site that contains code that hackers use to record what people type on their keyboards -- including data such as passwords, credit card and Social Security numbers. The code then e-mails that information back to the attackers.

Computers that run Microsoft's Internet Explorer browsers are vulnerable to infection, according to US-CERT. The CERT warning said Internet Explorer users can protect themselves by turning off the "javascript" function in their browsers. Javascript is a computer language often used in building Web sites. The attack takes advantage of two recently discovered security flaws in Internet Explorer. Microsoft released a patch in April to fix one of the security holes; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.

CERT recommends that Internet Explorer users consider different browsers such as Mozilla Firefox, Netscape Communicator or Opera. For people who continue to use Internet Explorer, CERT and Microsoft recommend setting the browser's security setting to "high."

Among the several Web sites hit were kbb.com, the Internet address of the Kelley Blue Book automobile pricing guide, and MinervaHealth, a health care financing company based in Jackson, Wyo.

Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelley Blue Book removed the malicious code from its site by late Thursday afternoon.

Jennifer Scharff, vice president of marketing for the company MinervaHealth, said some of the company's clients reported the problem on Thursday. The company has since fixed its site, she said. Scharff said no more than 50 visitors browsed the Web site during the time it was serving up the hostile code.

In addition, at least one auction page on the eBay online auction site contained a photograph that links to an infected Web site, said Johannes Ullrich, chief technology officer for the Bethesda, Md.-based SANS Institute's Internet Storm Center.

Security experts said that the attack reveals the evolution of "phishing" scams, a form of fraud designed to trick people into giving up their personal data to criminals who have designed Web sites to look like those of respectable companies.

CONTINUED
1 2     Next >
Print This Article


TechNews.com Home

© 2004 Washingtonpost.Newsweek Interactive

Company Postings: Quick Quotes | Tech Almanac
About TechNews.com | Advertising | Contact TechNews.com | Privacy
My Profile | Rights & Permissions | Subscribe to print edition | Syndication