Company Websites Spreading Spyware

Symantec are warning web surfers of a new trend in spyware and adware infections – visitors to a number of corporate websites are getting a bit more than they bargained for.

It’s claimed that organised crime groups in Eastern Europe are hacking corporate sites and installing code that takes advantage of two flaws in Internet Explorer to install spyware and other unwanted applications on visitors’ PCs without their knowledge. Spyware can be used to harvest personal details about a computer owner such as bank details, whilst adware can be used to hijack browsers and display unwanted advertising to users.

Microsoft has not yet released a patch for the flaws, leaving millions of PCs open to infection. Although the browser flaw is well publicised, there is still some confusion surrounding how hackers are installing the script on web servers running Microsoft’s IIS service in the first place.

The ISC incidents site reports: “We still do not know how the IIS servers are originally infected with the JavaScript or the modification to the configuration files… The visitor’s browser is re-directed to the Russian URL listed below [Ed: Clearly we’re not showing this] where a known Trojan program (msits.exe) is downloaded, along with some additional malware. Again, if the user’s machine is updated with current AV software, this malware is detected and blocked.”

Without listing the companies responsible for spreading the infection, they state surprise that the unwitting culprits “include businesses that we presume would normally be keeping their sites fully patched.”

Free anti-spyware and anti-virus software:

Ad-aware

AVG anti-virus software

A browser with less security holes in it:

Mozilla 1.7

Published by

Fraser Lovatt

Fraser Lovatt has spent the last fifteen years working in publishing, TV and the Internet in various capacities, and believes that they will be seperate platforms for at least a while yet. His main interests at the moment are exploring where Linux is taking home entertainment and how technology is conferring technical skills on more and more people.Fraser Lovatt was born in the same year that 2001: A Space Odyssey was delighting and confusing people in the cinemas, and developed a lifelong love of technology as soon as he realised that things could be taken apart, sometimes put back together again, but mostly left in bits or made into something the original designer hadn't quite planned upon.At school he was definitely in the ZX Spectrum/Magpie/BMX camp, rather than the BBC Micro/Blue Peter/well-behaved group. This is all deeply ironic as he later went on to spend nine years working at the BBC.After a few years of working as a bookseller in Scotland, ("Back when it was actually a skilled profession" he'll tell anyone still listening), he moved to England for reasons he can't quite explain adequately to himself. After a couple of publishing jobs punctuated by sporadic bursts of travelling and photography came the aforementioned nine years at the BBC where he specialised in internet technologies and video.These days his primary interests are Java, Linux, videogames and pies - and if they're not candidates for convergence, then what is?