Scob Attack May Have Abated: Reports

The Scob virus, which hit the Internet by embedding itself in certain popular Websites and slipping Trojans onto the computers of people visiting those sites, is now said to be slowing down. Reports vary between calling it a slowdown and suggesting it might even have been stopped.

Forbes said late June 25 that Scob's total impact might not have been as severe as that of recent bugs like Sasser and Blaster. TechRepublic.com commented that "Netizens are no longer playing Russian Roulette each time they visit a Website, security researchers say, now that a far-reaching Internet attack has been defanged," adding that the attack "was nipped in the bud" when Net engineers shut down a Russian server said to be the source of the attack.

"Compromised Websites are still attempting to infect Web surfers' PCs by referring them to the server in Russia, but that computer can no longer be reached," the tech news Website said. "Still, Web surfers should still take care, as this type of attack is increasingly being used by the Internet underground as a way to get by network defenses and infect office workers' and home users' computers."

Earlier in the day, security companies F-Secure and Sophos said Scob was likely traceable to the notorious Russian virus-writing group Korgo. Scob, also known as Toofer and Download.Ject, was embedded in a still-unidentified number of popular Websites. It targeted a flaw in sites running Microsoft Internet Information Services 5.0 and exploited Internet Explorer to point users visiting infected sites to another site hosting code that hackers used for keystroke logging and other backdoor appropriation of sensitive personal information, possibly for use by spammers.

TechRepublic.com also said that just because Scob might have been nipped in the bud, it doesn't mean its impact is over. "Network Administrators should beware as this type of attack is increasingly being used by the Internet underground as a way to get by network defenses and infect office workers' and home users' computers," the site said in a security advisory.

Alfred Huger, senior engineering director for Norton Antivirus maker Symantec, said Scob's method is a "tremendously powerful" technique for getting into a large business. "It is significantly easier to lure a number of employees to a compromised Website," he told CNET News, "than to get through a company's perimeter, which they may have spent hundreds of thousands of dollars to secure."

Microsoft is still working on a patch for the Internet Explorer flaw that helped enable the Scob spread. The company has advised IE users to set security to the highest available settings even if it might slow down Web surfing, and reportedly said a patch was coming "soon."

An attack comparable to the Scob method happened in May, when an adware distributor exploited a pair of IE flaws to plant a toolbar on IE users' computers that launched popup ads. One of those flaws was said to let a hacker run a program on the affected computer, while the other let malware cross zones or run with higher-than-normal privileges.

"Together, [they allowed] for the creation of a Website that, when visited by the victims, can upload and install programs to the victim's computer," CNET said, citing other security analyses of those two flaws.

The Korgo group, already under investigation, is now also being investigated by law enforcement over the Scob attack, which security analysts believe may have been seeded earlier in the week. The Internet Storm Center of the SANS group continues to advise that the Scob attack may well have been aimed at giving spammers yet another way to turn hundreds of thousands of computers into unwitting spam conductors, or "zombies."