
Thread: Head Up : Scob! Rate High!

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Head Up : Scob! Rate High!

    News Whore in Action!

    WASHINGTON, DC, Jun. 26 (UPI) -- Hundreds of Web sites worldwide have been infected with the "Download.Ject" or "Scob" virus, created by Russian hackers.

    The Washington Times reported Saturday the infected sites caused visitors to install a "trojan" program that allows someone to control a computer remotely.

    The hackers took advantage of vulnerabilities in servers using Microsoft's Internet Information Services program to infect the Web sites. Computers with the Microsoft Internet Explorer Web browser were infected if they were part of a Microsoft operating system.

    "An unsuspecting Web surfer might fall victim," said Neil Mehta, a research engineer with Internet Security Systems in Atlanta.

    Web security firms and the U.S. Computer Emergency Readiness Team issued a warning Friday and said while this latest virus has not circulated as quickly as other recent viruses and worms, it might grow more pervasive over time.

    Microsoft recommended Internet Explorer users set their security settings to the highest level.
    Source : http://washingtontimes.com/upi-break...0545-9522r.htm

    More Links
    BBC News : http://news.bbc.co.uk/1/hi/technology/3840101.stm
    Microsoft : http://www.microsoft.com/security/in...load_ject.mspx
    Symantec Security Response : http://securityresponse.symantec.com...ob.trojan.html
    F-Secure : http://www.f-secure.com/v-descs/scob.shtml
    Computer Associates : http://www3.ca.com/securityadvisor/v....aspx?id=39438
    -Simon "SDK"

  2. #2
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Gee, do they ever sleep?


    Well, at least if you update your AV with the June 25th updates, it might stop it before it does any damage.

    Now we wait and see the damage it causes amongst users with no protection.

  3. #3
    So does that mean that I should install Norton back onto my boxes...

    Nah, just fooling. Anyhow, back to the subject: I wonder just how bad this virus, worm, whatever could really get, I mean if you think about it.
    People are going to try to make variants of it, and even though it hasn't spread that much of late, just think of how fast it could spread if it was pulled apart and rebuilt...
    I'd say that we'd have another annoying bug going around.
    But hey, if the antivirus companies all get something released to counterattack it then it should be all good..
    And it's good to see that it isn't a fault with Microsoft this time, and all you gotta do is adjust your settings for IE, so even the illiterate can hopefully stay safe from this pest..

    f2b:.

  4. #4
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Except for the fact that putting IE's security settings on highest just about eliminates every illiterate user out there from surfing due to the complexities of what's allowed versus what's not. Highest = most secure = least convenient. And from what MS' done in the past, convenience is more important than security, no? How do you educate the masses now?
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    This JavaScript footer is only part of the problem. Nobody knows how "they" got to the IIS servers in the first place. I fear there's a 0-day floating around that exploits IIS5.
    What we DON'T know, and can use some help in figuring out, is how the malware is installed on the IIS server to begin with. Is there a zero-day floating around? Is it via a known vulnerability and the use of agent.exe as mentioned above? (Ed Skodis, one of our handlers, suggested that perhaps the IIS system admin used a local copy of IE to browse a site and pulled down hostile JavaScript. Does that jive with anybody's findings?)

    Our concern is that there might be an IIS zero-day floating around. We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched.
    Source http://isc.sans.org/diary.php?date=2004-06-24

    Edit: I posted this before I had a chance to read DjM's post here
    Oliver's Law:
    Experience is something you don't get until just after you need it.
