My wife got this e-mail from the LAN folks at her office:
Subject: Simple message explaining the problem and solution.
"If you have a computer at home and connect to the Internet with Internet
Explorer read on; To make a very long story short, there are a large
number of Microsoft web sites, some of them quite popular, that were
compromised earlier this week to distribute malicious code. Several
server administrators reported that they were infected even though they
were fully patched. This means that all Microsoft IIS Webserver's (Web
Sites) should be treated as infected.
By visiting an infected site, the compromised web server would instruct
the user's browser to download an executable program from a Russian web
site and install it. Different executables were observed. These trojan
horse programs include keystroke loggers, proxy servers and other back
doors providing full access to the (your) infected system.
This exploit uses a so far unpatched vulnerability in Microsoft Internet
Explorer to download and execute the code. No warning will be displayed.
The user does not have to click on any links. Just visiting an infected
site will trigger the exploit.
NOTE: In the past for this type of exploit to work the attacker had to
spoof the victim to a web site that contained the compromising code.
With this exploit you just visit your TRUSTED web site and you get
compromised. This is a new ballgame!
How can you protect yourself? Install and maintain anti virus software
(may not find a new zero day trojan). If possible turn off javascript
which will probably break most websites.
OR
use a browser other then Microsoft Internet Explorer MSIE (best idea
yet) until the current vulnerabilities in MSIE are patched. Netscape and
www.Mozilla.org are good choices.
P.S. tell your friends and family.
At COMPANY X I.S. has turned off all direct access to the internet which
may cause some of you problems with downloads. If this happens contact
---------- for assistance.
Subject: Simple message explaining the problem and solution.
"If you have a computer at home and connect to the Internet with Internet
Explorer read on; To make a very long story short, there are a large
number of Microsoft web sites, some of them quite popular, that were
compromised earlier this week to distribute malicious code. Several
server administrators reported that they were infected even though they
were fully patched. This means that all Microsoft IIS Webserver's (Web
Sites) should be treated as infected.
By visiting an infected site, the compromised web server would instruct
the user's browser to download an executable program from a Russian web
site and install it. Different executables were observed. These trojan
horse programs include keystroke loggers, proxy servers and other back
doors providing full access to the (your) infected system.
This exploit uses a so far unpatched vulnerability in Microsoft Internet
Explorer to download and execute the code. No warning will be displayed.
The user does not have to click on any links. Just visiting an infected
site will trigger the exploit.
NOTE: In the past for this type of exploit to work the attacker had to
spoof the victim to a web site that contained the compromising code.
With this exploit you just visit your TRUSTED web site and you get
compromised. This is a new ballgame!
How can you protect yourself? Install and maintain anti virus software
(may not find a new zero day trojan). If possible turn off javascript
which will probably break most websites.
OR
use a browser other then Microsoft Internet Explorer MSIE (best idea
yet) until the current vulnerabilities in MSIE are patched. Netscape and
www.Mozilla.org are good choices.
P.S. tell your friends and family.
At COMPANY X I.S. has turned off all direct access to the internet which
may cause some of you problems with downloads. If this happens contact
---------- for assistance.