Lockergnome's Tech News Watch   

Ibiza Trojan is a trip

02.16.2004 @ 11:02 PM PT | Marc Erickson

Web surfers need to be cautious of a new Trojan out there that exploits a vulnerability in Microsoft Internet Explorer, for which there is no patch. The malware is introduced when end users click to what looks like a travel-related page but is, infact, a ‘hostile’ site that allows the Trojan to implant into Internet browsers’ machines.

According to Ken Dunham, director of malicious code at iDefense, there were at least 5,000 machines infected with Ibiza-A as of today. The company came to that estimate by looking at a Web site that the Trojan creator set up to ascertain which machines are infected. Even fully updated machines running Internet Explorer 6 will be susceptible to the attack as there is not a patch available for the flaw.

When infecting a system, Ibiza launches a program that downloads and installs code. It may download file mstask.exe, which then installs svchost in the Windows directory. The Trojan also changes the Windows registry so it starts when Windows is booted up: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Online Service=C:WINDOWS DIRECTORYsvchost.exe

Ibiza could cause some systems to crash, according to iDefense. If installed ‘properly,’ the Trojan opens TCP port 10002 and listens for commands from its creator. An attacker could potentially steal passwords from compromised machines, modify settings and change files….

The only surefire way to prevent infection is to use a different browser such as Mozilla or Opera, which aren’t affected by the flaw, Dunham said.”

References to this Article

TrackBack URL for this entry:

Recent Entries