Friday, June 25, 2004

New Mystery Internet virus widely spread and affecting traffic

According to CNET (link) Internet engineers recently defanged a new Internet virus that has become widely spread. The virus was discovered yesterday by Microsoft and exploits holes in Microsoft products (including Internet Explorer) to infect PCs using the Microsoft Internet Explorer browser when the user clicks on an infected website (which included some trusted names). Once infected, the virus monitors a users' keystrokes for passwords and credit card numbers, which are then sent to a website in Russia. (Note my earlier article (link), citing widely published concerns by the Pentagon that Al Queda may be behind some Internet attacks.)

Earlier today, engineers disabled the Russian website, preventing further infection. (However, there is no patch for the hole in Internet Explorer, so modifications of the worm are likely to appear. The article describes precautions users should take, such as updating anti-viral and fire software, and using a browser other than IE until the patch appears). However, infected websites continue to try to infect (unsuccessfully) PC user's websites and other web servers, slowing the Internet.

I disagree with statements that claimed there had been little noticeable disruption on the Web. I noticed a number of websites behaving very strangely this morning (some, such as sitemeter and other traffic monitoring sites, that continue to misbehave). I suspected a new worm or denial of service attack, but the discovery of the worm was only announced later by Microsoft and authorities.

Other blogs covering problems with the Internet:
whizbang: Internet Attack
mypetjawa: Server Down