Download.ject

In computing, Download.ject (also known as Toofer and Scob) is a malware program for Microsoft Windows servers. When installed on an insecure website running on Microsoft Internet Information Services (IIS), it appends malicious JavaScript to all pages served by the site. Download.ject was the first noted case in which users of Internet Explorer for Windows could infect their computers with malware (a backdoor and key logger) merely by viewing a web page. It came to prominence during a widespread attack starting June 23, 2004, when it infected many servers including several that hosted financial sites. Security consultants prominently started promoting the use of Opera or Mozilla Firefox instead of IE in the wake of this attack. Download.ject is not a virus or a worm; it does not spread by itself. The June 23 attack is hypothesised to have been put into place by automatic scanning of servers running IIS.


Attack of June 23, 2004

Hackers placed Download.ject on financial and corporate websites running IIS 5.0 on Windows 2000, breaking in using a known vulnerability. (A patch existed for the vulnerability, but many administrators had not applied it.) The attack was first noticed June 23, although some researchers think it may have been in place as early as June 20. Download.ject appended a fragment of JavaScript to all web pages from the compromised servers. When any page on such a server was viewed with Internet Explorer (IE) for Windows, the JavaScript would run, retrieve a copy of one of various backdoor and key logging programs from a server located in Russia and install it on the user's machine, using two holes in IE — one with a patch available, but the other without. These vulnerabilities were present in all versions of IE for Windows except the version included in Windows XP Service Pack 2, which was only in beta testing at the time.

Both the server and browser flaws had been exploited before this. This attack was notable, however, for combining the two, for having been placed upon popular mainstream websites (although a list of affected sites was not released) and for the network of compromised sites used in the attack reportedly numbering in the thousands, far more than any previous such compromised network.

Microsoft advised users on how to remove an infection and to browse with security settings at maximum. Security experts also advised switching off JavaScript, using a web browser other than Internet Explorer, using an operating system other than Windows, or staying off the Internet altogether.

This particular attack was neutralised on June 25 when the server from which Download.ject installed a backdoor was shut down. Microsoft issued a patch for Windows 2000, 2003 and XP on July 2.

Although not a sizable attack compared to email worms of the time, the fact that almost all existing installations of IE — 95% of web browsers in use at the time — were vulnerable, and that this was the latest in a series of IE holes leaving the underlying operating system vulnerable, caused a notable wave of concern in the press. Even some business press started advising users to switch to other browsers, despite the then-prerelease Windows XP SP2 being invulnerable to the attack.
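
A defender-side check for the behaviour described above, where script is appended to every page a compromised server returns. This is an added example, not code from the original article; the function names and sample pages are constructed for illustration, and it assumes static pages whose on-disk bytes should match what the server sends.

```python
import re

# Opening <script> tag and closing </html> tag, matched case-insensitively.
SCRIPT_TAG = re.compile(rb"<\s*script\b", re.IGNORECASE)
HTML_CLOSE = re.compile(rb"</\s*html\s*>", re.IGNORECASE)

def appended_tail(on_disk: bytes, served: bytes) -> bytes:
    """Return bytes the server added after the file's own content, or b''."""
    if served.startswith(on_disk) and len(served) > len(on_disk):
        return served[len(on_disk):]
    return b""

def content_after_html_close(served: bytes) -> bytes:
    """Return non-whitespace content following the last </html> tag."""
    matches = list(HTML_CLOSE.finditer(served))
    if not matches:
        return b""
    return served[matches[-1].end():].strip()

def check_page(path: str, on_disk: bytes, served: bytes) -> list:
    """Collect findings for one page; an empty list means nothing suspicious."""
    findings = []
    tail = appended_tail(on_disk, served)
    if tail.strip():
        findings.append(f"{path}: {len(tail)} bytes appended to file content")
    elif served != on_disk:
        findings.append(f"{path}: served content differs from file on disk")
    if SCRIPT_TAG.search(content_after_html_close(served)):
        findings.append(f"{path}: <script> found after closing </html>")
    return findings

# Constructed sample data: a clean static page, and the same page with a
# placeholder script fragment appended to it by the server.
CLEAN = b"<html><body><h1>Rates</h1></body></html>\n"
TAMPERED = CLEAN + b"<script>/* placeholder for injected fragment */</script>"

def run_demo() -> dict:
    """Run the check on the clean and the tampered sample response."""
    return {
        "clean": check_page("/rates.htm", CLEAN, CLEAN),
        "tampered": check_page("/rates.htm", CLEAN, TAMPERED),
    }

if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(name, findings or "ok")
```

In practice the `served` bytes would come from fetching each page over HTTP and the `on_disk` bytes from the web root; dynamically generated pages need the `</html>` check alone.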


See also

* Browser wars



External links


Technical information


* IIS 5 Web Server Compromises (CERT, 24 June 2004)
* Compromised Web Sites Infect Web Surfers (SANS Internet Storm Center, 25 June 2004)
* (LURHQ Threat Intelligence Group, 25 June 2004) — analysis of the backdoor program installed on users' PCs
* What You Should Know About Download.Ject (Microsoft, 24 June 2004)
* Microsoft Statement Regarding Download.Ject Malicious Code Security Issue (Microsoft, 26 June 2004)
* Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732) (Microsoft, 13 April 2004) — patch for server flaw
* MHTML URL Processing Vulnerability (Common Vulnerabilities and Exposures, 5 April 2004) — the IE flaw for which a patch was available at the time
* Internet Explorer Cross-Zone Vulnerability Exploitation (Internet Security Systems, 25 June 2004) — the IE flaw for which no patch was available at the time
* How to disable the ADODB.Stream object from Internet Explorer (Microsoft Knowledge Base article 870669) — the patch for the second IE flaw


Press coverage



* (Mark H. Anbinder, 14850 Today, 24 June 2004)
* (Associated Press, 24 June 2004)
* (Robert Lemos, ZDNet, 24 June 2004)
* (Robert Lemos, CNet, 25 June 2004)
* Internet Attack Slowing Down (George V. Hulme, Information Week, 25 June 2004)
* (Brian Krebs, Washington Post, 26 June 2004, page A01)
* (Robert Lemos and Paul Festa, CNet, 28 June 2004)
* (Stephen H. Wildstrom, Business Week, 29 June 2004)
* (Stephen H. Wildstrom, Business Week, 29 June 2004)
* Are the Browser Wars Back?: How Mozilla's Firefox trumps Internet Explorer (Paul Boutin, MSN Slate, 30 June 2004)
* (Bill Brenner, SearchSecurity.com, 4 October 2004)