Russian Server Source of Virus.

--------------------------------------------------------------------------------



Web surfers are no longer playing Russian roulette each time they visit a Web site, security researchers said Friday after a far-reaching Internet attack had been disarmed.

The attack, which turned some corporate Web sites into points of digital infection, was halted Friday when Internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised Web sites are still trying to infect Web surfers' PCs by redirecting them to the server in Russia, but that computer can no longer be reached.

Security experts said the Russian server downloaded Trojan horse software onto a user's computer that could be used by a remote attacker to record keystrokes and steal valuable information such as passwords, credit card numbers and bank account information for remote delivery to hackers.

Cutting the link to the Russian server "stops the problem for the short term," said Alfred Huger, senior director of engineering for Symantec Corp., a security software company in Cupertino.

"However, it just takes a new culprit to come along and do the same thing," Huger said. The Internet underground is increasingly using this type of attack as a way to get by network defenses and infect office workers' and home users' computers.

"It is a tremendously powerful way to get into a corporation," Huger said. "It is significantly easier to lure a number of employees to a compromised Web site than to get through a company's perimeter, which they may have spent hundreds of thousands of dollars to secure."

The latest Internet attack, discovered by Microsoft Corp. on Thursday, appears to take advantage of three separate flaws in Microsoft products.

Stephen Toulouse, a security program manager at Microsoft, said software updates to fix two of them were released in April, but the third flaw was just discovered, so Microsoft has no patch available yet.

Toulouse recommended that computer owners get the latest security updates for Microsoft products and their antivirus and firewall programs. For the flaw that lacks a patch, he said, users should turn security settings on Microsoft's Internet Explorer browsers to the highest levels.

Users can also turn off the JavaScript feature on their Microsoft browsers, but doing so might cripple functions on some sites.

The virus does not affect Macintosh versions of Internet Explorer, nor does it spread through non-Microsoft browsers such as Mozilla and Opera.

Users can search their computers for the files Kk32.dll or Surf.dat to see if they are infected. Removal tools are available from major antivirus vendors.

Experts said the infection was unusually broad but wasn't substantially interfering with Internet traffic. The virus does not attempt to spread itself, thus helping to limit its effect.

Still, the network of compromised Web sites used in the attack is far larger than any before, said Johannes Ullrich, chief technology officer of the Internet Storm Center, a Net threat-monitoring site. "This is the first time that this many Web sites got hit," he said.

The U.S. Computer Emergency Readiness Team warned that any Web site, even those trusted by users, might have been used to spread the virus.

The Associated Press
 
