The mysterious Internet attack that occurred late last week has been identified as "Download.Ject", which originated in Russia and exploited an Internet Explorer vulnerability.
Microsoft says it has established with its partners that this attack is not a "worm" or virus. Instead this attack was a targeted manual attack by individuals or entities towards a specific server.
The company says Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack in Russia and shut it down on Thursday, 24 June.
Microsoft says it has been working with Internet service provider partners to shut down the malicious URLs. It is also scanning for and blocking malicious URLs. The originating Web site of attack has been taken offline.
"Internet Explorer customers are no longer at risk from that particular attack source as of Thursday evening," says Microsoft.
Local computer security companies were left puzzled late last week after news reports based on US Department of Homeland Defence alerts about a malicious attack, although no formal security warning had been received.
The Internet Security Systems X-Force research and development team, a third-party research group, confirms that IIS 5.0 servers that have not been updated with security update MS04-011 are susceptible to this attack. Its alert can be found here.
Microsoft says customers should ensure they have installed this update, released in April 2004, to protect their computers and networks from the issues addressed in that security update. This security bulletin is available here.
Related story:
The mysterious Net attack
Share