Trojan trap set at 'Survivor' site - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Trojan trap set at 'Survivor' site

By Andrew Colley, ZDNet Australia
May 13, 2004
URL: http://www.zdnet.com.au/news/security/soa/Trojan-trap-set-at-Survivor-site/0,130061744,139147459,00.htm

A Web site likely to attract fans of the CBS-owned television series Survivor could contain a nasty surprise for its visitors.

The site, owned by a party that has licensed the word "survivor" in a top-level US domain -- not linked to the television network -- today contained a smorgasbord of malicious code embedded in HTML scripts.

A concerned Web user alerted ZDNet Australia about the site after noticing that content on the site had triggered his anti-virus software.

Users who visit the site without adequate anti-virus protection on their PCs are at risk of being infected by three trojans coded into scripts maliciously embedded in its content: VBS/Psyme, Debeski and Java Script/IE.startgen.d.

The trojans take advantage of known exploits in Microsoft ActiveX, Internet Explorer and Java virtual machine.

While anti-virus vendors only rank the script trojans as moderate or low risks, they may be designed to prompt a computer accessing the site to automatically download a secondary payload from another location on the Internet.

At this stage anti-virus vendors that ZDNet Australia approached today have not revealed what the payload is, but miscreants have recently contrived similar forms of attack into maliciously designed HTML e-mails MessageLabs detected this month.