Microsoft Releases Internet Explorer Fixes

Microsoft on Friday released a "configuration change" designed to protect Internet Explorer users from what's known as the "Download.Ject" or "Scob" attack.

The security stopgap aims to thwart a two-pronged attack that surfaced on June 24. The first portion of the attack targeted Windows 2000 Servers running Internet Information Services 5.0 that hadn't been patched with the Microsoft Security Bulletin MS04-011 released in April. The attackers planted on those servers malicious code that's designed to infect the PCs of Web surfers who visited those sites.

Web surfers who visited infected Web sites then were attacked through several vulnerabilities within Internet Explorer. At that time there was no fix or patch available for one of the flaws, commonly known as ADODB, for which Microsoft issued the fix Friday.

The attackers used that vulnerability to insert Web-site objects that had malicious JavaScript code attached to them. The JavaScript then, in the background, contacted another Web site that inserted malicious software on the Web surfer's system.

Security experts were unclear about the motive behind the attack. Some said it was traced to a Russian Web IP address of known spammers; others said it was designed to steal consumers' financial information.

The Russian IP address that infected Web surfers' systems was quickly shut down, Microsoft said. However, security experts were quick to warn that the same attackers, or copycats, could quickly try the same attack ploy or some variation.

Microsoft also released a fix, or configuration change, for Windows XP, Windows Server 2003, and Windows 2000 operating systems that protects against the unpatched ADODB vulnerability. The configuration change is available on Microsoft's Download Center and will soon be available through Windows Update. Microsoft also promises to release a series of security updates for Internet Explorer.

These fixes are urgent. Days after the June 24 attack, the SANS Institute Internet Storm Center reported an attack aimed at pop-up ads surfaced on the Internet, also designed to infect Web surfers using Internet Explorer. The pop-up ads inserted on users' systems spyware designed to capture logon information for dozens of financial organizations worldwide, says Marcus Sachs, director of the SANS Internet Storm Center.

The targeted financial institutions include Citibank, Barclays, and Deutsche Bank.

The spyware code was designed to capture user logon information as it was typed but before the user name and pass codes were encrypted to be transmitted across the Internet, Sachs says.

Sachs says in this attack, the user information was sent to a Web site in San Diego that was quickly shut down Wednesday after SANS contacted the FBI about the attack.

To make matters worse for users of virtually every Web browser, Danish security firm Secunia on Friday issued a security alert it dubbed "moderately critical" that affects virtually every Web browser.

According to Secunia's advisory, the browser vulnerability makes it possible for a remote attacker to conduct a spoofing attack on Web surfers. This type of attack makes it possible to insert potentially malicious content within a browser window opened by a trusted site. The flaw affects Internet Explorer 5.x for the Mac, Konqueror 2.x, Netscape 6.x and 7.x, Safari 1.x, as well as multiple versions of Mozilla and Opera. Secunia's advisory is available here.

Microsoft has published information designed to help users protect themselves while surfing the Internet: The configuration change is, or will soon be, available here.

More information about the Scob attack is available here. And general information about computer security and safety from Microsoft is available here.