Exploit Targeted Online Commerce, Banking

On June 24, 2004, Microsoft published information about an exploit called Download.Ject (also known as Scob, Toofer, and Webber.P) that attempts to install a “Trojan horse” program on users’ PCs. This Trojan can later be used to steal users’ passwords for e-commerce, Web-based e-mail, and online banking sites.

Download.Ject does not attempt to replicate itself, and is therefore not a virus or worm, making it different from other highly publicized exploits such as SQL Slammer (which infected SQL Server in Feb. 2003) or Code Red (which infected IIS in July 2001). However, while these past exploits were annoying-Slammer, for instance, created massive amounts of IP traffic as it replicated itself, slowing the Internet and corporate networks to a crawl-most did not attempt to destroy, steal, or significantly alter users’ data.

A quick response from antivirus companies and authorities seems to have limited the damage from Download.Ject. Nonetheless, because it was so sophisticated, exploiting three separate Microsoft technologies, and because of its seeming criminal intent, enterprises and end users should be aware of what happened and how to reduce the likelihood of damage from similar attacks in the future.