
keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB 3 edits
Trojan Download.Ject JS.Scob.Trojan JS.Toofeer
(Download.Ject is also known as: JS.Scob.Trojan, Scob, and JS.Toofeer.)
Microsoft is releasing a configuration change to MSIE today that is intended to address malicious attacks against MSIE users. It will be released via Windows Update.
This update will act to prevent infection.
If you are infected already, please follow the steps here: »Security »I think my computer is infected or hijacked. What should I do?
quote: -----BEGIN PGP SIGNED MESSAGE-----
Summary:
========
On Friday, July 2, 2004, Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also known as Download.Ject. More information is available at www.microsoft.com/presspass.
Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits. The update is available on Windows Update.
Microsoft's guidance for consumers and enterprises is as follows:
Guidance for Consumers:
=======================
The configuration change will be delivered automatically for customers that have enabled automatic updates from Windows Update. The configuration change can also be obtained by manually visiting the Windows Update site at »windowsupdate.microsoft.com .
... ... ...
* Customers who have installed Windows XP SP2 RC2 are already protected from the Download.Ject exploit and do not need the update.
* This configuration change is a defense in depth measure which disables an ActiveX control known as adodb.stream. Disallowing this functionality prevents an attacker from placing malicious code on a PC hard drive and will prevent the Download.Ject attack.
* Customers can get more information about the Download.Ject attack, how to be protected and how to get cleaned in the event of infection at:
»www.microsoft.com/security/incid···ect.mspx . ... ... ...
-- (Virus&Hijacking FAQ+Submit suspected malware+Security FAQ)

Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire kudos:13
Re: MSIE update for Download.Ject - July 2
Also covered in »MS Critical Update - Disable ADODB.Stream
Cudni

keith2468 Premium,MVM join:2001-02-03 Winnipeg, MB 3 edits
reply to keith2468
Trojan Download.Ject JS.Scob.Trojan JS.Toofeer
Ah, okay, that is the same thing except for the manual steps:
1. Install Critical Updates
Visit the Download Center to install this critical update. »www.microsoft.com/downloads/deta···yLang=en
2. Check for Infection
To determine if the malicious code is on your computer, search for the following files:
Kk32.dll
Surf.dat
Steps for Windows XP users:
- On the taskbar at the bottom of your screen, click Start, and then click Search.
- Under What do you want to search for? click All files and folders.
- Under All or part of the file name: type: Kk32.dll and then click the Search button.
- Under All or part of the file name: type: Surf.dat and then click the Search button.
If either of these files is present, your computer may be infected. You can find tools to clean your computer and obtain up-to-date antivirus protection from the following software vendors participating in the Microsoft Virus Information Alliance:
- Symantec
- F-Secure
- Trend Micro
- Network Associates
- Computer Associates
»Security »What are some web based virus scanners and encyclopedias?
3. Increase Your Browsing and E-Mail Safety
Follow the steps outlined on the page to Increase Your Browsing and E-Mail Safety. »www.microsoft.com/security/incid···ngs.mspx

stromi join:2000-06-11 Englishtown, NJ 1 edit
Rec'd from M$ today:
Microsoft has learned of a Trojan program that is downloaded by the Download.Ject malware, also known as Scob, to client machines from infected IIS servers. When a user visits a Web site hosted on an IIS server that is infected with Download.Ject, the Web pages downloaded to the user's system contain an additional JavaScript program that downloads another Trojan program to the user's system. This second Trojan is called Backdoor:W32/Berbew, also known as Backdoor-AXJ, Webber, or Padodor. When this second Trojan runs on the user's machine, it performs several actions, including:
- Monitoring Internet access. When the user visits one of several financial or ISP Web sites, the Trojan captures sensitive information - such as log-in names, passwords, and so on - and sends it to a Web server for the Trojan's author to retrieve.
- Installing a proxy server that allows the user's system to be used as a relay for such actions as sending spam.
- Opening fake dialog boxes that prompt the user to enter confidential information such as ATM card codes, credit card numbers, and so on. This information is then sent to a Web server for the Trojan's author to retrieve.
Microsoft has released a tool to help you remove Backdoor:W32/Berbew Trojan variants from your computer. You can download this tool from the Microsoft Download Center and run it on your computer to remove Backdoor:W32/Berbew.A, Backdoor:W32/Berbew.B, Backdoor:W32/Berbew.C, and Backdoor:W32/Berbew.D, Backdoor:W32/Berbew.E, Backdoor:W32/Berbew.F, Backdoor:W32/Berbew.G and Backdoor:W32/Berbew.H infections. This tool is discussed in Microsoft Knowledge Base article 873018. This KB can be found here: »support.microsoft.com/default.as···d=873018
If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.
Thank you,
Microsoft PSS Security Team
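The "Check for Infection" step posted earlier in this thread (search for Kk32.dll and Surf.dat) can be scripted when more than one machine or drive has to be checked. The following is an added example, not part of any post in the thread or of Microsoft's guidance; the function names and report format are assumptions made for illustration.

```python
import hashlib
import os

# Indicator file names taken from step 2 of the thread.
INDICATOR_NAMES = {"kk32.dll", "surf.dat"}


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks; return None if it cannot be read."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()


def find_indicator_files(root, names=INDICATOR_NAMES):
    """Walk `root` and return (hits, unreadable_dirs).

    Matching is case-insensitive because Windows file names are, and a
    directory that cannot be listed is recorded instead of skipped silently,
    since an unscanned directory means a clean result is incomplete.
    """
    wanted = {name.lower() for name in names}
    hits, unreadable = [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirnames, filenames in os.walk(root, onerror=on_error):
        for filename in filenames:
            if filename.lower() in wanted:
                full = os.path.join(dirpath, filename)
                hits.append({"path": full, "sha256": sha256_of(full)})
    return hits, unreadable


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.abspath(os.sep)
    found, skipped = find_indicator_files(root)
    for hit in found:
        print("FOUND", hit["path"], hit["sha256"])
    for directory in skipped:
        print("NOT SCANNED", directory)
    print("hits:", len(found), "unreadable directories:", len(skipped))
```

A file name match only means the machine may be infected, as the post says; the recorded hash gives an antivirus vendor something concrete to check.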