Microsoft Statement Regarding Download.Ject Malicious Code Security Issue

REDMOND, Wash., Updated:, June 26, 2004 — Microsoft is committed to helping customers keep their information safe. We are currently working with law enforcement and industry partners to identify the individuals or entities responsible for a new Internet attack, known as Download.Ject, and bring those responsible for this criminal act to justice.

On Thursday, June 24, Microsoft responded to reports that some enterprise customers running IIS 5.0 (Internet Information Services), a component of Windows 2000 Server, were being targeted by malicious code, known as Download.Ject. More information is available at: http://www.microsoft.com/downloadject .

Working with customers and partners worldwide, Microsoft is unaware of any widespread customer impact based on Download.Ject. Moreover, Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack in Russia and shut it down on Thursday, June 24.

Microsoft has established with its partners that this attack is not a “worm” or virus-in other words, this attack is a targeted manual attack by individuals or entities towards a specific server.

Microsoft’s analysis has been independently confirmed by a leading security research firm. The Internet Security Systems ( http://www.iss.net ) X-Force research and development team, a leading third-party research group, confirms that IIS 5.0 Servers that have not been updated with security update MS04-011 are susceptible to this attack. The Internet Security Systems X-Force alert can be found at http://xforce.iss.net/xforce/alerts/id/177 .

Customers should ensure they have installed this update, released in April 2004, to protect their computers and networks from the issues addressed in that security update. This security bulletin is available at: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx .

Microsoft also has confirmed that this attack exploited a vulnerability in Internet Explorer to deliver malicious code to visitors of an affected Web site. Microsoft has been working with Internet service provider partners to shut down the malicious URLs. In addition, MSN is scanning for and blocking malicious URLs. The originating Web site of attack has been taken offline. Internet Explorer customers are no longer at risk from that particular attack source as of Thursday evening.

Customers using Internet Explorer should be sure that they have installed the latest security updates by visiting Windows Update at: http://windowsupdate.microsoft.com . Internet Explorer customers should also utilize high security settings. Consumers can review safe browsing tips at: http://www.microsoft.com/security/incident/settings.asp . Customers running Windows XP SP2 Release Candidate 2 are already protected from this threat.

Customers who believe they may have been attacked should contact their local FBI or Secret Service office or post their complaint at: http://www.ifccfbi.gov . Customers outside of the U.S. should contact their national law enforcement agency in their country.

Microsoft continues to recommend that all customers visit http://www.microsoft.com/protect to take the three key steps to protect their PCs. The three key steps are:

  • Use an Internet Firewall on all PCs and Laptops: An Internet firewall can help prevent outsiders from getting to your computer through the Internet. If you use Microsoft Windows XP, enable the built-in firewall.

  • Update Your Computer: Windows includes the automatic updates feature (Windows Update) which can automatically download the latest Microsoft security updates. Windows 98 SE and Windows ME can be updated from http://windowsupdate.microsoft.com .

  • Use Up-to-Date Antivirus Software: Installing, configuring and maintaining antivirus protection is absolutely essential. Customers can access current anti-virus protection at the following sites:

Note to editors : If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .

Related Posts