Scob Attack: A Sign of Bad Things to Come?

A recent Internet attack that exploited a powerful new assault technique has computer security officials worried that it could be a har-binger of worse things to come. The attack was based on a Trojan horse—a nonreplicating program that hides malicious code inside apparently harmless programming, data, or Web pages—dubbed JS.Scob.Trojan by antivirus experts. " We have validated a minimum of 630 different Web servers compromised in this attack, " said Ken Dunham, director of malicious code for iDefense, a computer security company. " These servers hosted millions of infected pages during the attack. And ongoing attacks related to this continue to emerge. " Scob affected Web sites for such well-known organizations as the Kelley Blue Book car pricing service and MinervaHealth, which provides online financial services for the health-care industry The Trojan loaded software that captured victims' keystrokes—which could have included valuable information such as passwords and credit card numbers—and sent them back to the hackers. " Once completed, credit card and identity theft could occur, " explained Dunham. The attack was particularly effective because it targeted the most common operating system (all Windows versions) and Web browser (all Internet Explorer versions), as well as the popular Microsoft Internet Information Server (IIS) 5.0, which functions as both a Web and FTP server. The Scob attack was significant for several reasons. Scob's dangerous new aspect was that rather than opening e-mail attachments, victims didn't have to do anything but visit a contaminated Web site to become infected. " By using Web servers and Web sites to install the malicious code, hackers were able to install the Trojan, " explained Dunham. In the past, hackers have used Web sites to spread adware, spyware, or browser-hijacker software. However, the Scob assault went considerably further by attacking IIS servers so that they would serve infected pages to unsuspecting visitors to popular Web sites. " Now that the exploit is out, it won't be long before others adapt it for spam-ming and for launching broad attacks to cripple the Internet, " predicted Alfred Huger, senior director of engineering at security vendor Symantec. Scob's code is readily available on the Internet. " A simple search allows any malicious-code author to retrieve it and use it, " noted Jaime Lyndon Yaneza, a researcher for antivirus software vendor Trend Micro. " This is the danger of such simple script-based viruses. It doesn't take a rocket scientist to modify …