‘Hundreds Of Websites Still Infected By Scob Trojan’
Just how many websites have been compromised by last week’s attack of the Scob trojan?
A report released today by Cyveillance, a U.S. based ‘provider of online risk monitoring and management solutions’, concludes that 641 sites were still infected with the JS.Scob.Trojan virus as of June 27, 2004. The company says it used its proprietary Internet monitoring technology to visit all known sites running Microsoft Internet Information Services 5.0 (IIS) — the vulnerable software — and identify which ones were compromised.
As Cyveillance CEO Panos Annastasiadas points out, “this newest form of phishing is far more devious than email-based attacks since a key-stroke logger is installed completely passively on the individual’s computer, without the victim falling for a scam.” Annastasiadas also says “loggers can capture far more personal information than is typically shared with a single phishing site.” That’s an interesting assertion, and I’m not sure it’s completely true. Some phishing sites sought — and presumably got — a wide array of personal information that would not normally be typed into the computer (and therefore not usually caught by keyboard loggers). Of course, the trojan in question may capture more than keystrokes, by, say, probing the hard disk, but I would say a social-engineered phishing attack that lures the victim into entering private data on a kosher-looking web site is going to give the attacker a much more complete picture for the purposes of ID fraud and emptying bank and credit card accounts than random passwords logged and sent back to scammer HQ.
Anyway, Cyveillance says it gathered its data from a previous audit it had conducted of some 50 million web sites, or domains. This audit had revealed some 6.2 million web sites known to run IIS 5.0, the Microsoft software with the hole. It then ran its proprietary technology over those web sites and found 641 confirmed cases. It doesn’t say what those domains were, and 641 doesn’t sound a lot. But given that this test was run several days after the initial attack, probably most of the people running those domains don’t know they’re infected, so that’s still 641 too many.
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to print (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Share on Skype (Opens in new window)
29. June 2004 by jeremy
Categories: Malware, Security | Tags: bank, CEO, Cybercrime, Cyveillance, Download.ject, Internet Information Services, kosher-looking web site, logger, Microsoft Internet Information Services, online risk monitoring, Panos Annastasiadas, phishing, social engineering, vulnerable software | Comments Off on ‘Hundreds Of Websites Still Infected By Scob Trojan’