I just recieved an email from Department of Homeland Security:
The Despartment of Homeland Security warned Windows users Thursday night about a virus that can infect systems just by visiting a compromised web site. Hackers have been breaking into sites running Microsoft’s IIS web server and appending hidden Javascript to pages. When users visit the page, the Javascript code loads malicious code hosted on a Russian server.
There’s quite a bit of panic over this particular exploit. CERT is telling users to turn off Javascript. “US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.” According to the Internet Storm Center several major sites have been compromised. There is currently no patch for the exploit, however you should update your anti-virus software immediately. Most AV software will detect the infection as the JS.Scob.Trojan.
Should you stay off the net today? CNET quotes Brent Houlihan, chief technology officer of NetSec, “I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now.”
Or use Mozilla. Or Firefox. Or Opera. Or Safari. Or anything but Internet Explorer. And by the way, IIS ain’t such a hot idea either.
Does anyone know anything about this trojan named JS.Scob.Trojan? Any and all help would be appreciated/
I have read the news again. I knew I misunderstood it.
That news says :
The Windows user performs Windows Update, and applies the newest patch also including MS 04-013.
Thank you very much, DavidR.
Another (“Internet Watch”) was found. It says :
According to Microsoft, it is supposed that it will be infected by “Download.Ject” when Windows 2000, on which IIS is operating, has not been applied the security correction program “MS 04-011”. - (abbreviation) -
When the files of “Kk32.dll” and “Surf.dat” are found by searching, it is supposed that doubt of infection by “Download.Ject” is high.