K
Kailash Kalyani
Microsoft has learned of a Trojan program that is downloaded by the
Download.Ject malware, also known as Scob, to client machines from infected
IIS servers. When a user visits a Web site hosted on an IIS server that is
infected with Download.Ject, the Web pages downloaded to the user's system
contain an additional JavaScript program that downloads another Trojan
program to the user's system. This second Trojan is called
Backdoor:W32/Berbew, also known as Backdoor-AXJ, Webber, or Padodor. When
this second Trojan runs on the user's machine, it performs several actions,
including:
- Monitoring Internet access. When the user visits one of several financial
or ISP Web sites, the Trojan captures sensitive information-such as log-in
names, passwords, and so on-and sends it to a Web server for the Trojan's
author to retrieve.
- Installing a proxy server that allows the user's system to be used as a
relay for such actions as sending spam.
- Opening fake dialog boxes that prompt the user to enter confidential
information such as ATM card codes, credit card numbers, and so on. This
information is then sent to a Web server for the Trojan's author to
retrieve.
Microsoft has released a tool to help you remove Backdoor:W32/Berbew Trojan
variants from your computer. You can download this tool from the Microsoft
Download Center and run it on your computer to remove Backdoor:W32/Berbew.A,
Backdoor:W32/Berbew.B, Backdoor:W32/Berbew.C, and Backdoor:W32/Berbew.D,
Backdoor:W32/Berbew.E, Backdoor:W32/Berbew.F, Backdoor:W32/Berbew.G and
Backdoor:W32/Berbew.H infections.
This tool is discussed in Microsoft Knowledge Base article 873018. This KB
can be found here:
http://support.microsoft.com/default.aspx?kbid=873018
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
Microsoft PSS Security Team
Download.Ject malware, also known as Scob, to client machines from infected
IIS servers. When a user visits a Web site hosted on an IIS server that is
infected with Download.Ject, the Web pages downloaded to the user's system
contain an additional JavaScript program that downloads another Trojan
program to the user's system. This second Trojan is called
Backdoor:W32/Berbew, also known as Backdoor-AXJ, Webber, or Padodor. When
this second Trojan runs on the user's machine, it performs several actions,
including:
- Monitoring Internet access. When the user visits one of several financial
or ISP Web sites, the Trojan captures sensitive information-such as log-in
names, passwords, and so on-and sends it to a Web server for the Trojan's
author to retrieve.
- Installing a proxy server that allows the user's system to be used as a
relay for such actions as sending spam.
- Opening fake dialog boxes that prompt the user to enter confidential
information such as ATM card codes, credit card numbers, and so on. This
information is then sent to a Web server for the Trojan's author to
retrieve.
Microsoft has released a tool to help you remove Backdoor:W32/Berbew Trojan
variants from your computer. You can download this tool from the Microsoft
Download Center and run it on your computer to remove Backdoor:W32/Berbew.A,
Backdoor:W32/Berbew.B, Backdoor:W32/Berbew.C, and Backdoor:W32/Berbew.D,
Backdoor:W32/Berbew.E, Backdoor:W32/Berbew.F, Backdoor:W32/Berbew.G and
Backdoor:W32/Berbew.H infections.
This tool is discussed in Microsoft Knowledge Base article 873018. This KB
can be found here:
http://support.microsoft.com/default.aspx?kbid=873018
If you have any questions regarding the security updates or its
implementation after reading the above listed bulletin you should contact
Product Support Services in the United States at 1-866-PCSafety
(1-866-727-2338). International customers should contact their local
subsidiary.
Thank you,
Microsoft PSS Security Team