The attack is more dangerous than most, according to the government's US-CERT cybersecurity center, because infection is possible just by visiting affected Web sites, according to US-CERT, a division of the U.S. Department of Homeland Security
Computers that run Microsoft's Internet Explorer browsers are vulnerable to infection, according to US-CERT. The CERT warning said Internet Explorer users can protect themselves by turning off the "javascript" function in their browsers. Javascript is a computer language often used in building Web sites. The attack takes advantage of two recently discovered security flaws in Internet Explorer. Microsoft released a patch in April to fix one of the security holes; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.
CERT recommends that Internet Explorer users consider different browsers such as Mozilla Firefox, Netscape Communicator or Opera. For people who continue to use Internet Explorer, CERT and Microsoft recommend setting the browser's security setting to "high."
Among the several Web sites hit were kbb.com, the Internet address of the Kelley Blue Book automobile pricing guide, and MinervaHealth, a health care financing company based in Jackson, Wyo.
Robyn Eckard, a spokeswoman for the Irvine, Calif.-based Kelley Blue Book, said the company learned about the problem late Wednesday after Web site visitors said their antivirus software tipped them off to the code. Eckard said Kelley Blue Book removed the malicious code from its site by late Thursday afternoon.
http://story.news.yahoo.com/news?tmpl=story&cid=1804&ncid=738&e=7&u=/washpost/20040625/tc_washpost/a5524_2004jun25
Linear Mode
