Author Topic: JS.Scob.Trojan  (Read 4395 times)

0 Members and 1 Guest are viewing this topic.

Offline radicalb21

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 438
  • Be Safe. Be Smart. Use Common Sense.
JS.Scob.Trojan
« on: June 25, 2004, 06:01:17 PM »
I just recieved an email from Department of Homeland Security:

The Despartment of Homeland Security warned Windows users Thursday night about a virus that can infect systems just by visiting a compromised web site. Hackers have been breaking into sites running Microsoft's IIS web server and appending hidden Javascript to pages. When users visit the page, the Javascript code loads malicious code hosted on a Russian server.

There's quite a bit of panic over this particular exploit. CERT is telling users to turn off Javascript. "US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code." According to the Internet Storm Center several major sites have been compromised. There is currently no patch for the exploit, however you should update your anti-virus software immediately. Most AV software will detect the infection as the JS.Scob.Trojan.

Should you stay off the net today? CNET quotes Brent Houlihan, chief technology officer of NetSec, "I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now."

Or use Mozilla. Or Firefox. Or Opera. Or Safari. Or anything but Internet Explorer. And by the way, IIS ain't such a hot idea either.

Does anyone know anything about this trojan named JS.Scob.Trojan? Any and all help would be appreciated/
iMac 21.5 " Mid 2011 2.7 GHz Intel Core i5
4 GB 1333 MHz DDR3
AMD Radeon HD 6770M 512 MB

Iso-G

  • Guest
Re:JS.Scob.Trojan
« Reply #1 on: June 25, 2004, 07:04:49 PM »
"JS.Scob.Trojan" was called by Symantec, isn't it ?

ITmedia (in Japanese) is recommending IE users to get "MS04-013" and to turn JavaScript off.

I think "Opera" has a security hole on its address bar.
« Last Edit: June 25, 2004, 07:26:44 PM by Iso-G »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re:JS.Scob.Trojan
« Reply #2 on: June 25, 2004, 08:26:39 PM »
As always, the moral of the story seems to be keep your winOS up to date (or don't use IE, OE, etc.) with regular visits to windows update.

The MS security bulletin Iso-G refers to is in fact a cumulative update for Outlook Express.

Microsoft Security Bulletin MS04-013
Cumulative Security Update for Outlook Express (837009). You can check for this update on your system.

http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline radicalb21

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 438
  • Be Safe. Be Smart. Use Common Sense.
Re:JS.Scob.Trojan
« Reply #3 on: June 25, 2004, 09:23:42 PM »
Does anyone know if it has been added to the VPS database. See earlier post for more information.
iMac 21.5 " Mid 2011 2.7 GHz Intel Core i5
4 GB 1333 MHz DDR3
AMD Radeon HD 6770M 512 MB

Iso-G

  • Guest
Re:JS.Scob.Trojan
« Reply #4 on: June 26, 2004, 03:06:19 AM »
I have read the news again.  I knew I misunderstood it.

That news says :
The Windows user performs Windows Update, and applies the newest patch also including MS 04-013.

Thank you very much, DavidR.  ;)

Another ("Internet Watch") was found. It says :
According to Microsoft, it is supposed that it will be infected by "Download.Ject" when Windows 2000, on which IIS is operating, has not been applied the security correction program "MS 04-011". - (abbreviation) -
When the files of "Kk32.dll" and "Surf.dat" are found by searching, it is supposed that doubt of infection by "Download.Ject" is high.


I hope VPS updating earlier.

RedSector

  • Guest
Re:JS.Scob.Trojan
« Reply #5 on: June 26, 2004, 08:01:22 AM »
I am so glad I use Firefox instead of IE, wheew!