A new version of June's Download.Ject attack is hitting users through a pair of instant-messaging services, planting backdoors on fully patched Windows XP PCs, and serving victims with a diet of porn ads.
According to Thor Larholm, a senior security researcher at online-security services firm PivX Solutions, the new attack is probably the work of the same group of hackers that launched the original Download.Ject assault in June.
In that brief but high-profile attack, Russians compromised numerous Web servers running Microsoft software, then used a variety of vulnerabilities in the Internet Explorer browser to drop password- and bank-account-stealing key loggers on systems whose users had simply surfed to sites hosted on the infected servers.
This attack, says Larholm, is different. "The attack comes in via AIM or ICQ instant messages, either from random users or users you may know," he says. If the person clicks on the link that reads "My personal home page http://XXXXXXX.X-XXXXXX.XXX/", the server attempts to download the Trojan using several IE vulnerabilities, including Object Data, Ibiza CHM, and MHTML Redirect.
And rather than hijacking financial data, the object of the new attack appears to be to display porn advertising. "It's still a financial motivation," says Larholm. "And since there's a backdoor installed, it could be used for other purposes later."