Symantec are warning web surfers of a new trend in spyware and adware infections – visitors to a number of corporate websites are getting a bit more than they bargained for.
It’s claimed that organised crime groups in Eastern Europe are hacking corporate sites and installing code that takes advantage of two flaws in Internet Explorer to install spyware and other unwanted applications on visitors’ PCs without their knowledge. Spyware can be used to harvest personal details about a computer owner such as bank details, whilst adware can be used to hijack browsers and display unwanted advertising to users.
Microsoft has not yet released a patch for the flaws, leaving millions of PCs open to infection. Although the browser flaw is well publicised, there is still some confusion surrounding how hackers are installing the script on web servers running Microsoft’s IIS service in the first place.
The ISC incidents site reports: “We still do not know how the IIS servers are originally infected with the JavaScript or the modification to the configuration files… The visitor’s browser is re-directed to the Russian URL listed below [Ed: Clearly we’re not showing this] where a known Trojan program (msits.exe) is downloaded, along with some additional malware. Again, if the user’s machine is updated with current AV software, this malware is detected and blocked.”
Without listing the companies responsible for spreading the infection, they state surprise that the unwitting culprits “include businesses that we presume would normally be keeping their sites fully patched.”
Free anti-spyware and anti-virus software:
A browser with less security holes in it:
