MS Releases Fix for IE Phishing Exploit
Filed in: Microsoft, Security — July 3rd, 2004
Microsoft has released a fix to address last week’s phishing attack that spread through compromised IIS web servers. The update changes the configuration on Windows XP, Windows 2000, and Windows Server 2003 to address the malware attacks, known as Download.Ject.
The update disables an ActiveX control known as adodb.stream, which will prevent the Download.Ject attack. The malicious code was being downloaded from the infected IIS servers onto users’ machines, and included a trojan that records keystrokes in an attempt to capture eBay and PayPal passwords. The Russian server distributing the attack code was shut down on June 24, four days after the first reports of the exploit, but security professionals predict that copycats are likely to try to replicate the attack.
The configuration change is currently available on Microsoft’s Download Center and will be made available later today on Windows Update.
[ Quoted from Netcraft.com ]


