Security alerts

VirusHeat

VirusHeat is a false or rogue anti-spyware program that installs itself onto your computer, without your knowledge or permission, via a Trojan (such as Zlob). Once installed, it launches from within the Windows Startup process and floods the computer with false virus warning messages. Using these messages, along with misleading search results, VirusHeat attempts to force the computer's owner into downloading the full version of the software. It is difficult to manually remove both VirusHeat and its Trojan counterpart, as they attempt to recreate themselves. Other false anti-spyware programs, such as VirusProtect Pro, AntiVirGear and VirusRay, have similar payloads.


Mass IFrame Injection


Description:

More than 10,000 legitimate websites, many of them high-profile sites, have been compromised and now carry an IFrame that directs visitors to a malicious website hosted on 2117966.net. The compromised websites attempt to exploit the vulnerabilities described in Microsoft Security Bulletins MS06-014, MS07-004, MS06-067 and MS06-057, and a number of ActiveX vulnerabilities.

Successful exploitation results in the installation of a password-stealing program that attempts to steal logon credentials for websites and online games.

Currently, there are no details available as to how the IFrames were placed on these websites.

Solution:

Block 2117966.net at your Web proxy.

Recommended follow-up action: Inspect your Web proxy logs for visitors to 2117966.net. This will indicate who is potentially exposed. Check these systems to verify that patches are up-to-date. Systems that are successfully compromised will begin sending traffic to 61.188.39.175. Search your proxy logs for systems generating those requests, and reformat the infected machines.
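The two log searches described above can be run in one pass. The following is an added example, not part of the original alert: it assumes the proxy writes Squid's native access.log layout, and the sample log lines, client addresses and the function names dest_host and triage are constructed for illustration.

```python
from urllib.parse import urlsplit

BAD_DOMAIN = "2117966.net"   # from the alert: host of the malicious IFrame target
BAD_IP = "61.188.39.175"     # from the alert: destination of post-compromise traffic

# Constructed sample lines, assuming Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1205400001.101 210 10.0.0.21 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1205400002.250 180 10.0.0.21 TCP_MISS/200 900 GET http://2117966.net/x.htm - DIRECT/198.51.100.7 text/html
1205400003.400 95 10.0.0.34 TCP_MISS/200 900 GET http://www.2117966.net/x.htm - DIRECT/198.51.100.7 text/html
1205400009.000 60 10.0.0.34 TCP_MISS/200 310 POST http://61.188.39.175/a - DIRECT/61.188.39.175 text/plain
1205400010.000 40 10.0.0.55 TCP_MISS/200 700 GET http://not2117966.net/ - DIRECT/203.0.113.5 text/html
1205400011.000 75 10.0.0.60 TCP_DENIED/403 0 GET http://2117966.net/x.htm - NONE/- text/html
malformed line
"""

def dest_host(url):
    """Return the lower-cased destination host of a URL or a CONNECT host:port."""
    if "://" not in url:
        url = "//" + url          # lets urlsplit parse bare "host:port" targets
    return (urlsplit(url).hostname or "").lower()

def triage(lines):
    """Return (exposed, compromised) sets of client addresses."""
    exposed, compromised = set(), set()
    for line in lines:
        f = line.split()
        if len(f) < 9:            # skip truncated or malformed records
            continue
        client, url, peer = f[2], f[6], f[8].partition("/")[2]
        host = dest_host(url)
        # Exact domain or a subdomain only; "not2117966.net" must not match.
        if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
            exposed.add(client)   # denied requests count: the client still hit a compromised page
        if BAD_IP in (host, peer):
            compromised.add(client)
    return exposed, compromised

if __name__ == "__main__":
    exposed, compromised = triage(SAMPLE_LOG.splitlines())
    print("Check patch level:", sorted(exposed))
    print("Reformat:", sorted(compromised))
```

Clients in the first set are the ones to check for missing patches; clients in the second set are the ones the alert says to reformat.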

Protecting Web servers

Currently there are no recommendations for protecting Web servers.



 

 

Copyright ©2008 Bright House Networks