Categories
Ject Reloaded: Back with all new powers of doom.
Patches MS03-025 and MS03-040M should be installed on your systems without delay, as Download Ject is back and ready to rock. Thought to have been eradicated, it is in fact potentially more of a threat than ever before as analysts and AV companies waste time squabbling over exactly what this new strain does. The attacks begin with instant messages sent to people using America Online's AOL Instant Messenger or ICQ instant messaging program. The messages invite recipients to click on a link to a web page, with invites such as "Check out my new home page!" The messages could appear to be sent from strangers or from regular IM chatters that you already know. If you click, you are taken to one of a handful of attack web pages hosted on servers in Uruguay, Russia and the USA. There, a Trojan horse program is downloaded. In addition to opening a "back door" on the victim's computer through which additional malicious programs can enter, the new attacks change the victim's web browser home page or Outlook e-mail search page to websites featuring adult content.
SP2 should not be affected - with regards to messengers, AIM and ICQ are affected, possibly along with some others - but anything that opens up into IE could unleash a world of hurt. Under no circumstances should anyone click any unusual looking messages in their IM software.
The old Ject only worked if running on a compromised site hosted on a Microsoft 5.0 server....Linux boxes were unaffected. It's not been confirmed yet but its a fair bet that the new version won't work on Linux servers either. Hopefully.
Links:
MS03-025
MS03-040M
What you should know about Ject
Removal tools
Patch information
