DoS Attack May Tap Web Graphics Flaw | eWeek

DoS Attack May Tap Web Graphics Flaw

Verfasst von
Dennis Fisher
Dennis Fisher
Jun 24, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Security experts are tracking a new piece of malware that appears to be compromising large numbers of Windows PCs and may be laying the groundwork for the creation of a large spamming network or a major attack in the future.

Analysts at NetSec Inc., a managed security services provider, began seeing indications of the compromises early Thursday morning and have since seen a large number of identical attacks on their customers networks. The attack uses a novel vector: embedded code hidden in graphics on Web pages.

When visitors to a few particular Web sites—including popular auction, shopping and price-comparison sites—request pages that include the malicious graphics, the code automatically downloads itself onto their machines. Once installed, the code unpacks itself and loads a keystroke logger on the PC.

NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer.

The code then forces the machine to contact two IP addresses—one in Russia and one in the United States. The Russian site is hosted on a broadband connection and is part of a network known for spamming and other transgressions.

After contacting these sites, the tool then downloads some other files to the compromised machine. NetSec officials said they are still analyzing the code and are unsure what the exact purpose of the new attack is.

“We think its probably a staging activity for further attacks,” said Brent Houlahan, chief technology officer at NetSec, based in Herndon, Va. “It may be setting up for a large DDoS [distributed denial of service] attack or setting these machines up as spam relays.”

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

Compromised PCs often are used by attackers to launch large-scale DDoS attacks against one or more targets. And they also are valued by spammers who like to install software that enables them to send large volumes of spam messages from the machines. Using dozens or hundreds of compromised PCs makes it virtually impossible for investigators to track attacks or spam back to the original source.

Houlahan said he was unsure how many machines had been compromised at this point.

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, re-views and analysis.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.