Security researchers warned Web surfers on Thursday to be on their guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection.
The researchers believe that online organized crime groups are breaking into Web servers, surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer.
The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site.
"It is not epidemic, but it is being seen," said Alfred Huger, senior director of engineering for security firm Symantec. "Do we think it is serious? Yeah. It's a concern and it's insidious."
This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major firms, including some banks, said Brent Houlahan, chief technology officer of NetSec.
Read Article

Corporate webservers infecting visitors' PCs
Started by
NeonWizard
, Jun 24 2004 10:05 PM
2 replies to this topic
#1
Posted 24 June 2004 - 10:05 PM
#2
Posted 26 June 2004 - 02:37 PM
and no fix from microsoft yet?
<b>MYTH!!!!
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />
#3
Posted 26 June 2004 - 03:11 PM


This is why I chose Apache and Linux for my server...
And Firefox for my browser.

Unfortunately, although I'm safe, everyone else isn't.
The Wereotter

Disabling System Restore (for XP)
Online Virus Scanners
Spybot Search & Destroy
Lavasoft Adaware
CWShredder
Javacool's SpywareBlaster
Javacool's SpywareGuard
Malware-Blocking HOSTS File
HijackThis
If you encounter any broken links, please inform me of them (virusmagnet1@viruswatch.ath.cx). Also note that these links direct through my web server to allow me to keep them up-to-date or post additional info.

Disabling System Restore (for XP)
Online Virus Scanners
Spybot Search & Destroy
Lavasoft Adaware
CWShredder
Javacool's SpywareBlaster
Javacool's SpywareGuard
Malware-Blocking HOSTS File
HijackThis
If you encounter any broken links, please inform me of them (virusmagnet1@viruswatch.ath.cx). Also note that these links direct through my web server to allow me to keep them up-to-date or post additional info.