From eWeek

And we aren't talking about small sites.

Pop-Up Program Snatches Banking Passwords
By Dennis Fisher
June 29, 2004



Customers who use a number of the top online banking sites are at risk of falling prey to a new Web-based attack that snatches user IDs and passwords for these sites.

Among the sites targeted by the attack are some owned by Citibank, Deutsche Bank and Barclays Bank.

ADVERTISEMENT



The attack is rather complex and appears to use a known flaw in Internet Explorer (IE) to drop a Trojan horse program on vulnerable machines. The Trojan is delivered through a malicious pop-up ad that loads a file called "img1big.gif" onto the machine. The file is in fact a compressed Win32 executable that contains the Trojan and a DLL.

The DLL is installed on the PC as a BHO (Browser Helper Object), a type of DLL that normally is used to let developers control IE in certain circumstances.

When IE runs on a machine infected with the malicious BHO, the file monitors IE's activities for any HTTPS sessions with URLs that have any of a large number of banking-related strings in them.

The link
http://www.eweek.com/article2/0,1759,1618458,00.asp?kc=ewnws063004dtx1k0000599

Well, that's just peachy. I heard some talk the other day about a new vulnerability on IE, but I came in on the end of a radio conversation and didn't hear what it was. Maybe it was this?

I followed the link you gave, but there was little more on it. Do you know, if it can be detected by AdAware? Also, I searched my computer and was unable to locate the file, "img1big.gif."

I went to the Microsoft site, but I didn't find any information related to this. I did scan for updates and found nine I needed. A couple of them were security related. However, they didn't mention this threat specifically.

this is making me worry...
i have blocked all pop up windows from network firewall and now going to check machine of all users for that image file and then may be run ad-aware..

thanks a lot for the info..
Deep

This may have a negative impact on Pop-up advertising...

(So it can't be all bad)

:)

I can't believe this topic has received such little attention.

I received an alert from ZDNET yesterday about this. Their link for more info is:

http://zdnet.com.com/2100-1104_2-5248349.html

When I followed the eWeek link I got a pop up ad.
I had to laugh at that one.

the vulnerability in Internet Explorer with the popup Trojan.injector.
There is a little write up here, and a link to the ẃindows update page with the instructions.
http://www.protect-me.com/industry_news.html


Industry news



Microsoft to release IE configuration change today - 07/02/2004
Microsoft is releasing a configuration change for Windows XP, Windows 2000, and Windows Server 2003, to address recent malicious attacks against Internet Explorer, also know as Download.Ject.

Windows customers are encouraged to apply this configuration change immediately to help be protected from current Internet Explorer exploits. The update is available on Windows Update.

KB Article 870669 - How to disable the ADODB.Stream object from Internet Explorer

News source: www.neowin.net
Pop-up program reads keystrokes, steals passwords - 06/30/2004
Today security researchers have discovered a new malware that affects Internet Explorer. This new malware targets bank customer’s information. This program copies keystrokes to steal user’s passwords from over 50 target online banking sites.

I installed a new XP update that came out today or yesterday, they were not specific about the vulnerability though.

Ken

...and now an other one...¿?!¡

http://www.computerworld.com/securitytopics/security/story/0,10801,94320,00.html?nas=OS-94320