6 July 2004

Microsoft has offered a temporary measure to help protect customers using its Windows operating software from a data-stealing programme that began circulating last week. The software giant is also developing a longer term solution to the flaw.
The company is offering a configuration change for Windows XP, Windows Server 2003 and Windows 2000 operating systems, designed to improve those systems’ resiliency and protect against this and future attacks.
The patch can be downloaded from Microsoft’s Download Centre and will also be automatically distributed this Friday to customers who have signed up for its Windows Update service.
But although the update alters Windows settings, it does not solve the security gap in the Internet Explorer browser that the programme – a Trojan horse named ‘Download.Ject’ – has successfully managed to exploit.
A Trojan horse is a hacker programme that can potentially be as destructive as a virus. However, it doesn’t spread automatically of its own accord but rather infects computers after users visit hijacked web sites that distribute the programme.
Download.Ject, linked to a web site in Russia that has since been closed down, exploits a flaw in Internet Explorer that Microsoft has no cure for at the moment. The programme includes a ‘keylogger’ designed to steal private information and primarily hunts for account data from services such as eBay and PayPal.
Thankfully, the programme has not become widespread but attackers could eventually use the technique it has demonstrated to create more damaging attacks. To counteract this, Microsoft says it will provide a comprehensive update to resolve the flaw in the next few weeks.