These vulnerabilities were present in all versions of IE for Windows except the version included in Windows XP Service Pack 2, which was only in beta testing at the time.īoth the server and browser flaws had been exploited before this.
Download pca col install#
When any page on such a server was viewed with Internet Explorer (IE) for Windows, the JavaScript would run, retrieve a copy of one of various backdoor and key logging programs from a server located in Russia and install it on the user's machine, using two holes in IE - one with a patch available, but the other without. (A patch existed for the vulnerability, but many administrators had not applied it.) The attack was first noticed June 23, although some researchers think it may have been in place as early as June 20.ĭownload.ject appended a fragment of JavaScript to all web pages from the compromised servers. Hackers placed Download.ject on financial and corporate websites running IIS 5.0 on Windows 2000, breaking in using a known vulnerability. The June 23 attack is hypothesised to have been put into place by automatic scanning of servers running IIS. Security consultants prominently started promoting the use of Opera or Mozilla Firefox instead of IE in the wake of this attack.ĭownload.ject is not a virus or a worm it does not spread by itself. It came to prominence during a widespread attack starting June 23, 2004, when it infected many servers including several that hosted financial sites. When installed on an insecure website running on Microsoft Internet Information Services (IIS), it appends malicious JavaScript to all pages served by the site.ĭownload.ject was the first noted case in which users of Internet Explorer for Windows could infect their computers with malware (a backdoor and key logger) merely by viewing a web page. In computing, Download.ject (also known as Toofer and Scob) is a malware program for Microsoft Windows servers. For the 30 Rock character 'Toofer', see James "Toofer" Spurlock.
0 kommentar(er)
