JS.Scob.Trojan

I just recieved an email from Department of Homeland Security:

The Despartment of Homeland Security warned Windows users Thursday night about a virus that can infect systems just by visiting a compromised web site. Hackers have been breaking into sites running Microsoft’s IIS web server and appending hidden Javascript to pages. When users visit the page, the Javascript code loads malicious code hosted on a Russian server.

There’s quite a bit of panic over this particular exploit. CERT is telling users to turn off Javascript. “US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.” According to the Internet Storm Center several major sites have been compromised. There is currently no patch for the exploit, however you should update your anti-virus software immediately. Most AV software will detect the infection as the JS.Scob.Trojan.

Should you stay off the net today? CNET quotes Brent Houlihan, chief technology officer of NetSec, “I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now.”

Or use Mozilla. Or Firefox. Or Opera. Or Safari. Or anything but Internet Explorer. And by the way, IIS ain’t such a hot idea either.

Does anyone know anything about this trojan named JS.Scob.Trojan? Any and all help would be appreciated/

“JS.Scob.Trojan” was called by Symantec, isn’t it ?

ITmedia (in Japanese) is recommending IE users to get “MS04-013” and to turn JavaScript off.

I think “Opera” has a security hole on its address bar.

As always, the moral of the story seems to be keep your winOS up to date (or don’t use IE, OE, etc.) with regular visits to windows update.

The MS security bulletin Iso-G refers to is in fact a cumulative update for Outlook Express.

Microsoft Security Bulletin MS04-013
Cumulative Security Update for Outlook Express (837009). You can check for this update on your system.

http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx

Does anyone know if it has been added to the VPS database. See earlier post for more information.

I have read the news again. I knew I misunderstood it.

That news says :
The Windows user performs Windows Update, and applies the newest patch also including MS 04-013.

Thank you very much, DavidR. :wink:

Another (“Internet Watch”) was found. It says :
According to Microsoft, it is supposed that it will be infected by “Download.Ject” when Windows 2000, on which IIS is operating, has not been applied the security correction program “MS 04-011”. - (abbreviation) -
When the files of “Kk32.dll” and “Surf.dat” are found by searching, it is supposed that doubt of infection by “Download.Ject” is high.

I hope VPS updating earlier.

I am so glad I use Firefox instead of IE, wheew!