Security news
Security news25 June 2004
Internet websites under attack? Microsoft issues advice to website owners and internet surfers
 |
| Microsoft has described the vulnerability as critical |
Following several media reports of many websites being affected by a new piece of malware known as JS/Scob-A (also know as Download.Ject or Toofer), Microsoft has published advice to both corporate and home users.
Scob appears to affect websites running Microsoft IIS 5.0 and has been found appending its malcious section of JavaScript code into HTML webpages. Websites running latest versions of Microsoft IIS, or who use web software from other vendors, do not appear to be affected.
If users of Internet Explorer visit webpages infected by Scob, their computer may attempt to download a file from a Russian website. Currently the website is unavailable.
Sophos recommends that companies who haven't already done so consider applying the many security patches available from Microsoft's website. Home users are advised to visit windowsupdate.microsoft.com.
Sophos suggests computer users sign up for email notification of new virus threats and add a live virus information feed to their websites.
Customers using Enterprise Manager or the Sophos Anti-Virus Small Business Edition were automatically protected against Scob at their next scheduled update. However, Sophos recommends users who haven't already done so apply the security patch from Microsoft. Home users are advised to visit windowsupdate.microsoft.com.
