Financial Daily from THE HINDU group of publications
Monday, Aug 02, 2004

eWorld - Security


Ouch! That hurts

Pratap Ravindran

It's an unexpected punch. Commercial enterprises with a web interface routinely plant spyware and adware in the machines of visitors to their sites. But when the tables are turned...

WHAT goes around comes around.

Commercial enterprises, including otherwise stuffy corporations, with a web interface routinely plant spyware and adware in the machines of visitors to their sites, thereby clogging pipes and slowing down data throughput. Researchers have now discovered that many corporate home pages have become foci of digital "infection", with the web underground breaking into their servers and sneaking in code that exploits security flaws in Internet Explorer to take control of users' computers.

While nobody knows the number of Web sites infected by the malicious programme, Microsoft has advised Windows users to dial up their IE security to the highest setting even though this could mess up some Web site functions — or install a third-party browser like Opera or Mozilla.

Mac users have nothing to worry about.

According to the Internet Storm Center (ISC), which tracks Net threats, the infected sites included some pretty big Web properties. Researchers say that the sites infected include those of major companies, including some banks and financial institutions, price comparison sites, auction sites and so on - but refrain from identifying the reported sites to safeguard against further abuse.

ISC has held out the warning that the malicious programme, which is uploaded from an infected site to a surfer's computer, is currently not detected as a virus by most antivirus software. As of now, no patch from Microsoft is available either.

The centre's researchers believe that attackers "seed" the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS). When a surfer visits the site, the programme redirects him or her to one of two sites on another server, usually in Russia. That server exploits the Microsoft Internet Explorer vulnerabilities to upload a remote access Trojan horse, or RAT, to the surfer's computer. The programme then records the surfer's keystrokes and opens a back door in the system's security to give the attacker access to it.

According to security analysts, the code appears to be more a means of spreading spam than the component of a distributed denial of service (DDOS) attack.

Be that as it may, anxiety levels are running high among Internet Explorer users, as this security scare comes on the heels of an incident in which a purveyor of adware used security flaws in the Microsoft IE browser to install a toolbar on surfers' computers. The toolbar changes the IE home page, connects to advertising sites and displays pornographic pop-up ads, according to a Symantec advisory on adware posted on the antivirus company's Web site.

Microsoft, in this case, has adopted the view that this constitutes a criminal offence and is understood to be working together with law enforcement authorities, including the Federal Bureau of Investigation (FBI), to prosecute those responsible for the installation of advertising software in surfers' machines by exploiting hitherto unknown IE vulnerabilities. The company is further said to be working on a patch.

Picture by Sampath Kumar G.P.

eworld@thehindu.co.in


Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line