Stinkysteve
07-15-2004, 09:15 PM
Story here:
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23900799
Microsoft Puts Out Trojan-Horse Killer
By TechWeb News
Microsoft late Tuesday posted a software tool that cleans computers infected with a Trojan horse linked to the late June attack by Russian hackers http://www.serverpipeline.com/showArticle.jhtml?articleID=22102314 who managed to compromise Web servers and users' machines that viewed pages on those sites.
Similar to previous tools that Microsoft has made available for such worms as Sasser and MSBlast, the Download.Ject Payload Detection and Removal Tool is available free of charge from the Redmond, Wash.-based developer's Web site. http://www.microsoft.com/downloads/details.aspx?familyid=FC84B8B5-A64D-4837-B65F-96925A514F71&displaylang=en It's petite, just 118K in size.
The tool sniffs for the Trojan Berbew -- the payload that Download.Ject injected onto end users' PCs via vulnerabilities in Internet Explorer -- and deletes them.
While the original attack was relatively mild in comparison with, say, Sasser or even MyDoom, Microsoft put some scary language into the online description of the tool.
"When this Trojan Horse runs on the user's computer, it may perform several actions, including monitoring Internet access to capture sensitive information such as logon names and passwords, or opening fake dialog boxes that prompt the user to enter confidential information such as ATM card codes, credit card numbers, or other confidential information," Microsoft said on the site.
Tools of this ilk have been very popular with users, who have downloaded millions of copies from the Microsoft site. Since the MSBlast cleaner was released in January, some 40 million customers have used the tools, said Microsoft.
The cleaner is the latest effort by Microsoft to put the attack behind it. On July 2, the company posted a Critical update http://www.techweb.com/wire/story/TWB20040702S0007 to Windows which disables the ADODB.Stream component, which the hackers used to invisibly plant Trojans on users' PCs.
Even though Microsoft posted a large number of patches Tuesday, however, no permanent plug has been issued for the hole used by the attack.
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23900799
Microsoft Puts Out Trojan-Horse Killer
By TechWeb News
Microsoft late Tuesday posted a software tool that cleans computers infected with a Trojan horse linked to the late June attack by Russian hackers http://www.serverpipeline.com/showArticle.jhtml?articleID=22102314 who managed to compromise Web servers and users' machines that viewed pages on those sites.
Similar to previous tools that Microsoft has made available for such worms as Sasser and MSBlast, the Download.Ject Payload Detection and Removal Tool is available free of charge from the Redmond, Wash.-based developer's Web site. http://www.microsoft.com/downloads/details.aspx?familyid=FC84B8B5-A64D-4837-B65F-96925A514F71&displaylang=en It's petite, just 118K in size.
The tool sniffs for the Trojan Berbew -- the payload that Download.Ject injected onto end users' PCs via vulnerabilities in Internet Explorer -- and deletes them.
While the original attack was relatively mild in comparison with, say, Sasser or even MyDoom, Microsoft put some scary language into the online description of the tool.
"When this Trojan Horse runs on the user's computer, it may perform several actions, including monitoring Internet access to capture sensitive information such as logon names and passwords, or opening fake dialog boxes that prompt the user to enter confidential information such as ATM card codes, credit card numbers, or other confidential information," Microsoft said on the site.
Tools of this ilk have been very popular with users, who have downloaded millions of copies from the Microsoft site. Since the MSBlast cleaner was released in January, some 40 million customers have used the tools, said Microsoft.
The cleaner is the latest effort by Microsoft to put the attack behind it. On July 2, the company posted a Critical update http://www.techweb.com/wire/story/TWB20040702S0007 to Windows which disables the ADODB.Stream component, which the hackers used to invisibly plant Trojans on users' PCs.
Even though Microsoft posted a large number of patches Tuesday, however, no permanent plug has been issued for the hole used by the attack.