October 2nd, 2003, 21:16 PM
Trojan Horse Hijacks IE
Computer hackers have found another way to exploit an unpatched hole in Microsoft's Internet Explorer Web browser, using a specially designed attack Web site to install a Trojan horse program on vulnerable Windows machines.
The Trojan program changes the DNS configuration on the Windows machine so that requests for popular Web search engines like Google and Alta Vista bring the Web surfer to a Web site maintained by the hackers, according to warnings from leading security companies.
The attacks are just the latest in a string of online scams that rely on an easy-to-exploit flaw in IE known as the ObjectData vulnerability. Earlier attacks that relied on the vulnerability include a worm that spreads using American Online's Instant Messenger network.
Microsoft released a patch for the ObjectData vulnerability, MS03-032, in August. However, even machines that applied that patch are vulnerable to the latest attack because of holes in that security patch, according to a bulletin posted by Network Associates.
The Trojan horse program is called Qhosts-1 and is rated a "low" threat, Network Associates said. Trojan horse programs do not attempt to find and infect other systems. However, they do give attackers access to a compromised computer, often allowing a remote hacker to control the machine as if he or she were sitting in front of it.
Microsoft issued a statement Thursday saying that it was investigating reports of exploits for a variation on a vulnerability originally patched in Microsoft Security Bulletin MS03-032 and would release a fix for that hole shortly. A company spokesman could not say when the patch update will be released.
The Redmond, Washington, company recommended that customers worried about attacks install the latest Windows updates and change their IE Internet security zone settings to notify the user when suspicious programs are being run.
View: Microsoft Security Bulletin MS03-032