Electric News.net
Wednesday, June 30 2004
by Matthew Clark
Another warning has been issued over data-stealing malware that exploits a vulnerability in Internet Explorer.
The new warning comes less than a week after e-security experts raised the alarm when it was discovered that a number of hacked Web sites were installing Trojan horses and keyloggers on computers running Microsoft's dominant Internet browser. Though the threat from last week's "download.ject" attack seems to have subsided, malware authors have not missed a beat in their efforts to use flaws in Internet Explorer as a gateway to steal banking and credit card information.
The new code, which has been identified by the SANS Institute, is delivered to users' PCs through pop-up windows that appear when users log on to financial portals.
It seems that the suspect pop-ups are delivered on certain Web sites that run ads from third-party ad servers, which appear to have been hacked. When the pop-ups appear, vulnerable versions of Internet Explorer begin downloading a malicious file that records activity -- such as passwords -- on the infected PC and sends that data to a server reportedly located in Estonia.
Some 50 financial institutions have been affected, reports claim, and a patch for the exploit used by the as-yet-unnamed malware has not been released. Experts have noted that infections are limited so far, but have expressed serious concern nonetheless.
The latest trouble is sure to add to the pressure Microsoft is facing with Internet Explorer, which has been the focus of several attacks in the last few years. Microsoft is said to be working feverishly to deliver patches for these "zero-day" bugs, and there is now speculation that the company has decided to rebuild Internet Explorer from the ground up in order to ensure that the software is air-tight.
Meanwhile, e-security advisors such as US-CERT are telling users to deactivate certain advanced functions in Internet Explorer, such as ActiveX, to help prevent infection from a whole range of viruses and Trojans. Deactivation of these higher functions is not a cure-all and could impact on the functionality of some sites, experts say.
An even safer route would be to switch to a rival Internet browser like Netscape, Safari, Opera or Mozilla, all of which have a tiny market share and are therefore rarely targeted by attackers.
http://www.electricnews.net/frontpage/news-9541452.html 
Topic: New malware attacks via pop-ups (Read 679 times)