Virus Warning- Do not use Internet Explorer
Got this from Urania's blog. She got it from her law school.
***WHAT'S GOING ON***
-Several "prominent websites," are unwittingly causing users that visit their sites to become infected. We don't know what these websites are, reports indicate they are 'heavy traffic' or 'popular' sites.
-If infection is successful, the virus attempts to log your keystrokes and
retrieve passwords, credit card and banking information and send them to computers in Russia.
-Infection requires that the user visiting the compromised website be using Internet Explorer (IE).
-There is no patch for Internet Explorer that prevents infection at this time.
***HOW DO I AVOID IT***
The simple way to prevent infection at this time is to use a browser other than Internet Explorer, or stay off the internet. At work, please use Netscape which is installed on every computer in the Law School. Internet Explorer may be the default web browser on your computer. If this is the case, you should install another web browser and set it as your default. You can change the default web browser by opening Control Panel and 'Add Remove Programs'. Select 'Set program access and defaults'. Select custom and set your default web browser to something other than IE.
For home use, we suggest you download, install and use Mozilla Firefox. If you have Netscape installed at home, you can use it. You can open IE and paste the link below into the address bar and press enter to initiate the download. We have checked this web site. It is not running the version of web server software that is involved in spreading the virus. Before opening IE you should set it's home page to 'blank'. Open control panel, then Internet Options. On the General tab, in the Home page section, select the 'use blank' option. Click OK and close control panel. You can now safely open IE to paste the link.
Here is the download link:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.9/FirefoxSetup-0.9.exe
***HAVE I BEEN INFECTED***
You can determine if you have been infected. To determine if the malicious code is on your computer:
1. On the taskbar at the bottom of your screen, click Start, and then click Search.
2. Under What do you want to search for? click All files and folders.
3. Under All or part of the file name: enter the following text to search
for both of these files:
Kk32.dll
Surf.dat
4. If either of these files is present, your computer may be infected. You
can clean your computer by using up-to-date antivirus software.
***IS THE 'ATTACK' OVER***
As of this afternoon it has been reported that the main server involved in
spreading the virus was knocked off-line. Even if this is the case, Internet Explorer remains vulnerable and there is currently no patch. If this attack has ended, there will be more. When a new virus is released several variants always follow.
***HOW CAN I GET MORE INFORMATION***
Using a web browser that is not IE, you can visit the links below.
From Microsoft:
http://www.microsoft.com/security/incident/download_ject.mspx
From Symantec (our anti-virus vendor):
http://securityresponse.symantec.com/avcenter/venc/data/js.scob.trojan.html
News Articles:
http://zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed
http://news.bbc.co.uk/2/hi/technology/3840101.stm
http://www.eweek.com/article2/0,1759,1617233,00.asp?kc=ewnws062504dtx1k0000599
***WHAT'S GOING ON***
-Several "prominent websites," are unwittingly causing users that visit their sites to become infected. We don't know what these websites are, reports indicate they are 'heavy traffic' or 'popular' sites.
-If infection is successful, the virus attempts to log your keystrokes and
retrieve passwords, credit card and banking information and send them to computers in Russia.
-Infection requires that the user visiting the compromised website be using Internet Explorer (IE).
-There is no patch for Internet Explorer that prevents infection at this time.
***HOW DO I AVOID IT***
The simple way to prevent infection at this time is to use a browser other than Internet Explorer, or stay off the internet. At work, please use Netscape which is installed on every computer in the Law School. Internet Explorer may be the default web browser on your computer. If this is the case, you should install another web browser and set it as your default. You can change the default web browser by opening Control Panel and 'Add Remove Programs'. Select 'Set program access and defaults'. Select custom and set your default web browser to something other than IE.
For home use, we suggest you download, install and use Mozilla Firefox. If you have Netscape installed at home, you can use it. You can open IE and paste the link below into the address bar and press enter to initiate the download. We have checked this web site. It is not running the version of web server software that is involved in spreading the virus. Before opening IE you should set it's home page to 'blank'. Open control panel, then Internet Options. On the General tab, in the Home page section, select the 'use blank' option. Click OK and close control panel. You can now safely open IE to paste the link.
Here is the download link:
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.9/FirefoxSetup-0.9.exe
***HAVE I BEEN INFECTED***
You can determine if you have been infected. To determine if the malicious code is on your computer:
1. On the taskbar at the bottom of your screen, click Start, and then click Search.
2. Under What do you want to search for? click All files and folders.
3. Under All or part of the file name: enter the following text to search
for both of these files:
Kk32.dll
Surf.dat
4. If either of these files is present, your computer may be infected. You
can clean your computer by using up-to-date antivirus software.
***IS THE 'ATTACK' OVER***
As of this afternoon it has been reported that the main server involved in
spreading the virus was knocked off-line. Even if this is the case, Internet Explorer remains vulnerable and there is currently no patch. If this attack has ended, there will be more. When a new virus is released several variants always follow.
***HOW CAN I GET MORE INFORMATION***
Using a web browser that is not IE, you can visit the links below.
From Microsoft:
http://www.microsoft.com/security/incident/download_ject.mspx
From Symantec (our anti-virus vendor):
http://securityresponse.symantec.com/avcenter/venc/data/js.scob.trojan.html
News Articles:
http://zdnet.com.com/2100-1105_2-5247187.html?tag=zdfd.newsfeed
http://news.bbc.co.uk/2/hi/technology/3840101.stm
http://www.eweek.com/article2/0,1759,1617233,00.asp?kc=ewnws062504dtx1k0000599