Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Hackers Use BBC News as IE Attack Lure



 By: Ryan Naraine
2006-03-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The ongoing zero-day attacks against Internet Explorer users have taken an ominous social-engineering twist.

The ongoing zero-day attacks against users of Microsofts Internet Explorer browser have taken an ominous, social-engineering twist.

According to an alert issued by Websense Security Labs, in San Diego, excerpts from actual BBC News stories are being used to lure IE users to Web sites that launch drive-by downloads of bots, spyware, back doors and other Trojan downloaders.

One version of the spammed e-mail seen by eWEEK contains a portion of a BBC News item published on March 27 about the Chinese yuan hitting a post-revaluation high against the U.S. dollar.

After the legitimate excerpt, the hackers embedded a "read more" link that points to a Web site that contains a spoofed copy of the BBC News story from the e-mail.

Resource Library:
Websense researchers found that the rigged site exploits the unpatched createTextRange vulnerability to download and install a keystroke logger without any user action.

The keylogger monitors activity on various financial Web sites and uploads captured information back to the attacker. It appears that this is the work of a well-organized identity theft ring, stealing bank log-ins and other sensitive user information.

Click here to read more about drive-by attacks on the Internet Explorer vulnerability.

The latest twist comes almost a week after the first wave of attacks started dropping a variant of SDbot, a type of back-door attack that gives hackers complete control of infected computers. SDbot allows attackers to control victims computers remotely by sending specific commands via IRC (Inter Relay Chat) channels.

The earlier exploits were being launched from several legitimate Web sites that were hijacked and seeded with malicious code. These include an airline ticketing system, an insurance sales site and a site that sells e-commerce software.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Microsoft, in Redmond, Wash., has described the attacks as "limited in scope" and said it plans to ship a comprehensive browser fix on April 11.

The company is also mulling a plan to release an emergency, out-of-cycle update prior to next months Patch Tuesday.

In the absence of a Microsoft patch, two well-respected Internet security companies—eEye Digital Security and Determina—have released unofficial hotfixes to provide temporary protection for IE users.

Since the release of eEyes third-party patch on March 28, the company has counted more than 92,000 downloads.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Hackers Use BBC News as IE Attack Lure
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


xr㶲0;; ʷ♵M=RJVlҌפN!1Erm%gy 7](L&%lݍF$\:arsÙc |:IC"I{C(~4`Zϩ:AzNɑ,G)~-sbs#j5w5Gl$J{'AT{:j xL9uΜMꇲ9'ԗoOae0-ڶAq6)6j9a>?XX$)qLD.{L~Th4NHXߢر7{Xe3g71m CKd/B(?cc?C=y'f^WB(ƻF{ikc2=rt=yͰ [ az.91rx&ҽ{@ *YNrDƞ4HCKd"˝LJQ`:t,#G@ݑc9 N\^"Z3ӂ螩[Gmɧ9\gԏPL0Hό,{`:E%$7 V.qO-%0/6`=2}h .:!뺷}=:Gϙ1{֛i]Ԓ],r"U)wC>OdБ!Zdq=}9efe6 uRM*IR,הbY4my-Ӟ?89n~~wڻTʪ)JwݹɑCK -%u`(:g^Oۗa\b'H H7&LT)Jj\(̒LCa:b= uz+P %opKX+hvd(-bv=ӧ0Cƌ_8RCf9O-Ҿoon;6.No;sdo̲3JEӀ Zvf#?>#Ww筻ku{#[j융{ GlH  Wh6 N/f vO|nif dP{pHj&~hund[7N/;g$']L[Et7Q[,s$B&rV~BX*,>JAͼ94o o 3NE ;- ujf5ͪZ*G`KS703Is;nZK}0[=RF\ ДaCXذ 1"%̛ hJH{e $}ВEtBAͨO%ތE< eF"ȅQ.% Ć> z%Kus7p#K˚fe՜Ӆ]Wa. oY#L .ϱ'v"uڽ^}8^%g 5F8 ,ieݴ%!8WG5MGRŦcWJPX=)‹JMUN~ _1p-~~j0B m] :V}y0`hvz?3Ϩagnۉ9~t$AG66^lK $ ,70}HOQI4wX8x=cOv/|\aPn=D5 l"v|sc|`ya2y0fC?F{wt( u,/{D`\@Z8`$8ʼE]q2>o  ɜ?覥M L<ģ|D }r (~9-RC/1tKt=JIA }At"AђF *4 gsSX"C"' `[Xk ab .<ҮBISvn<){TKh!+K@fsfh(4{~FX9{DMfT`B[ᛥBKak`F]rA+ŲMCAIYB8ZUjʫ3+6ŝ}ӆ)t챧Q0M/Cw)iJI ?,xpoȄIs¦MS%=LG"z [q37oj7ab<"c>l^ٜi893A0>A̞P,:2s|}>I8%/5+:~a7MAV?Ty |9p‡9E#rUϚX 5<.&B#576Q OfBnmhJJ:$,4)špdzKx^`"3hqNNRЙB#@9zQkڑTo-V<4JՍ݋$/gcP*oWuRH[&ފy ˾0p WZD"b j7{\X3,# l,.h?4W0%Ϳ;{8`OͱI ĽG*+iS#SOodV-iV9ѴZZ,<>kpX"@@7w )mT.mṪΧޙyд "s=:"wS=`t˱; `3ǟGRlC28c"(>E TXvRhjUL-F ? |(+ȁUraXk²읷Wה])/_86y+Uu>8bCLmRǦE}BuߴiFʫ%Mfno v6,ƴ_$i?怚H|A2exL,Z`_9cDzlʠ:7$ci.:2y4hDssHb<"T2paLHa03] elqؼuwPySc's{䖻!`Pf:sV*L3$!WTwwAQ xL1kM8vهEh*O|={0"un‚_8R"X @ 4 y} *jq1b (h bAzp3E abIta1:C={e|h3ʫ22 yZ JLo;9*'ERgD+ϏyWG"MtH_⬯/8ݩ]?? L4,RjzGW>sμ + ;2E<&{H˰"Uyo}JZYPIb6ʼnG #q?@*2G¹7`Qеa⢉!hG34hý235RZS:ݝ'(R~=h;?iQYf0`55-* ?ŤD Lkӹt)DkȮcf>Fu:*Z7ּӪ`fC[$ zTÈ iGqĆZ ZYMV~q?or렀6RaCxޜ9"yea@WIlJhL_JnVMШ6s7}&mnj^[u7Gጻ,q{Sk),tbjqc0:g<}/QBJr fڗy@?uUJ _2 d&T~#xylؤμVMs|,OnjTSc\o MlGOqOT]/DV;A%db:9Ki[2|'@dkѪ%3NQ&g+|0jZ5}NxTH7E$9P|41 ZH$}'~F85o~թrVgHWtq͑/sOiLz[VUe@5ẹV3C e 4v=.EЋgyN3 a6}b;_&*|92SG)[EXqkX =ϼ \XZ>y5 &QrKuE ;tGM4*6H!IQkQ[Iպk2RBE-) B^DD\w[- veN6qab;?l͵g7gkX?"B55) 0u%hzGSqza\/;Cn/$h/ ^1Mu0@mlJwټ@8f'Su$I,+o*Mn@uztC˪+> 2*ijAR/sD&:Lpz]Qd:)nQ==Սћ3݀ GL)߭*1WIP*5]* s+0G\0R,WyEOp?lZ.+BvI *s>P9[۷BlpH74!,8{Je%[ yr}e, ,"zR#.=2a7ZPf73111t/xsxuzU÷'K( -$P) WAhxa{I1G]Itq]տ8&Cwys0qnqnt 3 hw_{>gq O4 }U\:&_v?\U}[ q޲oU#h3 J@'$bw}|ɾ3zQ4[{閿ð ]a址 vsռ}߹_>^vo)rٹnK^ރ '7e1Bç֒\zA_ɾj,49Aϐa6(F'hOنk^+[̚_f?ĄB?JNx0('@RPOh5[#ZeStZ;3^v}dh!:Ua2"(BShDO§,>69S%j67"EJN^v[LӷoHWs7|Et_(hL6fsF;HGdNlp j_vz`eSrF4/ȍ_Gۻ"Tc8LMàv)fTDScoy0;Ɩx8쀒N1{LEOܣMF]>-gSsS)< ǑAGJ脊aye5))eL5NRMLC]OC/$;B:Tzw gaM>m3Wjt6D20@u\e0 `q5/É@P V=2k;xV̵}jП 2]}l}DKG,a4qͷv"ϓ~\[-(";Ә udO#@/-vt1tY AAXy !Vorl8wDrs&8lId;xl?|wgJbj <QbhLp9٢hr;" 6a' zYC,g ?/!gc'[T>=bCq,}',5[/8PXIכvi U  auӗ,'sT i/,3iUR*êH?ݏ8T, ׈fij 1ulfLZ':6 U>R[)k$_B$ rzZ/0}c]87ҙ}t_b'w7,-:a㳀\VTK˸lY€}`8Vc"QlD ގ¹eF饖3RnkYP1g~}d6B7go~K< i"S$J]y'9؃H}W f 9uQZPKqdqڐ! HuLV=s='=|OGO,SL`T)`eݢ^00=(Jks. eъ VJ VGU񂗣pݼAV#~f$]Z,}JHi "7JMObG( [e6BEŴR0%r^eSōt J>?=ӽ,dR ?&tMcrqC!78sXʴbxR")"qUWE8\|x_%E ^^WzҍRK_H"[/x(+OzR-}pLs# X 2$ a0ÉE:ma}]̳?%B"xcW⪲%Uݕ UԢr\\"1cӛМż}4}L+ HRdqYHpX" `W$MvS;{2Fە񊯮XJXJeJ c0 B¡`{ =*﫮 VٕkJ? FBaЫ/}[61E:ʳ̨tcѮ;lBԪժ  PԐ @,c_͔DUEL4^ a/vӔ]ٵ~r- ZfHӧxwPUMju\ ]YpKyZ0L[tF#K[)zK2 vG܃VSkJ1Ibiy&ڣ|wg^DӠ+XJT;y;Uc-<<<<_޳ZR+=z}k;f)鐰 yL+U7u}=[uf)9||iAtXSW:ST[*R4UR %aJXK>-`t,/3d^]e qG}1n,t̆@+biߗ0']=c8$p(\!H ̰\{:̢Ƅj_zE4J%di|")hW}j!u KeP-fŤ>Z|DUtm="wXŁJF&^LZ*6 ̔ևi`uVED fH~06L#b#$j-9F!|(@Cw}=m|^׆#wi`\tJD mjҖDT(p BQɷ]ҹ#Iyyyyrbۻi^"~k19PeiY!" yNC`_xV]qmZOskɤ\`3Fٵ^Fz;!ۑklY]3' $0uT:@PjXz'ib`P:AX #9 i4z m8xҟ`mR;6gI8ӏ[EG"gncar~JXͣc YFc?ׄ k̖Baa"ɖVKc. կS<`l[ltH7Y;ɥcuٻ{13;#$`5| +xgiuK4@[֟r5DR|W ƿS=y6f 0^1{mYo{@k3"GA-[f^6௶cul>/P=uaYmZۈYޣ3灮{UrbZZI nh>y=&oH3@84I/Nl $8&wUQqD3$o& St$XyO"G,+ɻkǠGK|~xt؇Ϡ 8iQ0cO_i/U/

QiH :-Fr41Q7~"'y?G* O2\eg,5h6W`a3ط/0q_wn}7ȗL#ǔuT$s:^ &0&_维" w}~(Vqo7d'|/]:fkeevךSN|l: s*juۏo? DŢW\S=")5|5X:JR]Ɔc#cYx|]7DyDw4i.B1-Me9L 'Ʈ$Jjad7"}$ƽ⊢tyydLh 긺\/$[a0i1V&GBA8AXJo,"xa squQ%^Pl&vnf \95͂E/ tCc%5S(5ub?=G/utIkb"]J1x}[?Ǹ+5fL6P;qU6'aqbfֆX50VzY3nomzYC2m` J.қ≠D37:Ues|'7)p'찔?14;W ,)Э*1Xpt1(;PvZ*F.#ZIixw<6GtixPxcLxa*1aN eզٝ$7zgFX9[!VUߞ$ru Y _D_dq2m-Y|~)}^MM %.Mo Qrj$Ƿ\p NoG_ 6a^zGZq!IG)}o<#b2zޘ[8# XZ `Oh$~b 2uFf."T( #`Nvf\z~}C@,!™6m@xA`{3]ܵ h >(4x0W Ƿxl0W^̃ [z.p5:0[u/ O醾!B|1GB(׼9Ĝ#>PQ}uOK\gaH9p=S-0Șh MQ HxDɹcMVBE< ,i mang=gFpb1Ř!&"=lFLN@ K=n熉1JK\-B@e=Dq{b/ }f_$R D t]\UP*@IP|XP؟?pk2%H0Zmn<5X`,2E<exX<>sOwe~rt6fG5KqldaQ(Gb8M u?3,ȏݦKlݜ(8#E.mL ]ǒ 4B1hVؘg ?2~X׻SsH_PbJU(IhRW|:P |+R0cU-%+_oSwV7Xz+i+K9Iˑ1;^(qD|LBz،\Sݾ,0B9ޒ&9mIisti{5} \MGݫ;֧ͧusgi`&hT㟳K}m |Q);OFYyfvʜP'ͅfU,xe^J>M`(^;yCfuljŵvNL%K#CEGM.a`1D 'M&7bQ׾lIk&5+ۼv(((gMfFyʻ-AQ~gρ>yNq\iVF9?t3ʡ5~eO/e+'c| U|U}>We|Wyy(_P~Q(GF_e^g5u\]g_O7CtAt3 M7fOe{ks?f~3A;(*;h.;࿻ Ku1Ay3CΚ7pzy;"9(/R*zUKg賲+F7_˰ɠsk32Я!eߧdndڹ9붒 aqʍz^S_yڞ馵pۭ]hq_l ^c/K^浽I<&xEq\+gل@CX{#uO'NW4CﹺKd^ WsU}ӉzZŚ/JYmJ91baOd_fO{ "X ʽp'eybnARG4YQ=PW].6ppSn$ 5` +}"exvY^][j7m!ϋ9y}³2SwفGh5OKWY-Jaġ$[ =L\x7C/+O7 lc}k}?W;}{ݼ4߷C{>'K_u}ςoDV)pF ;F,R+|c ,>Oa4-D =C9jhN_i{[sn LU,H$·RiErT)N?Nn0l#DaUUEVro9 VVjb`" *s>P`25UJ` z!J1 #4c֭dK_c(wp EУ%-˘E͛YʌN#^"_v3&mc(2)R1K1@eA*q0*f>d%Q<8s`>&\ʠaCo^Vٍv"nyhp䃿t8]$}`y»Y!Dxftz4}z<87mJ)gQ  LwzxYԕ&`" 9oٔ^^C ΅*˗ X627\&vY['lybb)m+H|j[ {w#KFU:x/ C4|'o{qmX?ap;b2~Rh0vASփO/lb5)"Q Ivm4x>}v 1-XԱhgоxQFD#iZ#wXZNƀ_@o=,N7"f8̆I ůD|݇,gn{9gxt1?-mgvlCkFqg=qœj@@rݯ¬ ]%]QO"c^v~P΄!نIf{W ^{#E3dưz<m1P EY/uY{N6^ )4M뚈βQszo%()%y+L9(ه7xZ*Oe{BI<ŗ->,D*9"[ %P@EikI/?tI3v+Nvޒ{ξ( ;Ccx gL^'/1ue|nHHUΧf2{MG:з57d([|ӽނ4ܨNAeVb0 yM&Cp dtE#bWp!@>pEg*QTD KQ)Ybd㜙69 3/&u@NEqDPvx-v6s`^||kAўY=m0w>L /#]Z&6k$~El=eu{/Wrcdk{f:ePeXl/!Rэk+Wei$ցinu[[mx~Gݺǀg OTg{*.wf94lJTFE¾":u`x^};={!*+k_؁nlTxۤ9-o@U  =[?܋;;16 ^f'1ݱM|g)C2^#s!oYX&7ę /O?8C7Ѱ0 L,luEG%RRNCc 0F :p2 19-OxI1%h3l䃈mAb?<ōc),3]gvCG%z1wqX0~v19&Y>6s3a=`>]x O!0gWP Y-f1%Dv88)ҡC;@̚B>eS1C'@n0\| H d9[\O^مu3\j/YH~> \99.@OI"cXM1}aE|@'W#.rWW?aMdt^ o?Xy/7:yH%H=C# IFk;O(QF2y?^S|ֽ`gh{^zVju'+e=`os g\JRSk$5WYVfLNƇZZ܄;66BKFslx61['h)