Update: Service Pack 2 will block this attack. More at end of this post.
eWEEK: “Security experts are tracking a new piece of malware that appears to be compromising large numbers of Windows PCs and may be laying the groundwork for the creation of a large spamming network or a major attack in the future.”
More on InfoWorld:
“Without the user’s knowledge, the code connects their PC to one of two IP (Internet Protocol) addresses in North America and Russia. From those systems they unknowingly download a piece of malicious code that appears to install a keystroke reader and probably some other malicious code on the computer, Houlahan said.”
There are no patches available yet. So what’s a computer user supposed to do? One expert quoted in a CNet article says: “I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now.”
Update: Systems with Service Pack 2 installed are not at risk.
From the Microsoft security site:
“Microsoft teams are investigating a report of a security issue affecting customers using Microsoft Internet Information Services 5.0 (IIS) and Microsoft Internet Explorer, components of Windows.
Important: Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk.
Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.”
To determine if you have been infected, search all files on your drives for:
There’s more info about Download.Ject on the Microsoft site.
I’m glad to hear that SP2 prevents the malicious code from spreading. I’ve been running the beta for quite a while and overall I’ve encountered few problems. It’s up to you whether you want to install SP2 or not if you haven’t done so, since it is beta software. But two things: first, if you have a Tablet PC, it significantly improves the user experience, and second, no matter what type of computer you have, it greatly improves security on your computer by adding a commercial-strength firewall among numerous enhancements throughout the OS. The fact that the SP2 beta blocks Download.Ject indicates that Microsoft is on the right track.