Finjan Software proactively protects against Scob Worm and all its variants

Bracknell, Berks, 28 June, 2004: A new Trojan called Scob has started to appear around the world. Similar to the Nimda worm, Scob is a blended threat which does not require any human interaction to spread, marking a new generation of dangerous worms. The worm allows an attacker to record a user’s private information, including passwords, thus putting the confidentiality of that information at high risk.

By proactively preventing malicious operations such as remote code execution using patented real-time behaviour monitoring technology and centrally managed security policies, Finjan’s Vital Security™ for Clients and Vital Security™ for Web solutions protect users from the Scob Trojan and its variants.

The Scob Trojan is a VBScript utility which targets Microsoft IIS servers, appending a malicious JavaScript to web pages in the compromised web server. When a user accesses the infected web page, the appended JavaScript downloads a file from a Russian website to the user's desktop, without any user intervention.

The hidden JavaScript exploits an Internet Explorer vulnerability identified in Microsoft Security Bulletin MS04-011 on April 13, 2004. The downloaded file includes a key logger that hijacks user information (passwords). The Russian website is currently down, so the attack is very limited at this time, but variants of this virus may appear in the coming days.

Aliases include JS.Scob.Trojan, Download.Ject, JS.Toofeer, Webber.P, Trojan.JS.Scob.a. The downloaded file can be of several variants, such as BackDoor-AXJ.dll and VBS/Psyme, and can be used for any purpose, including remote execution of code, password logging and other operations.

Finjan's Vital Security™ product line routinely examines mobile code, scripts, processes and various applications by monitoring the behaviour of active content using its unique "sandboxing" technology, thus preventing any malicious behaviour originating from the network.

It similarly provides protection against other malicious mobile code attacks traveling via the Internet, e-mail, peer-to-peer (P2P) applications, Instant Messengers and IRC, without the need to download patches or updates.

For further information please contact:
Alison Sambrook
+44 (0) 1344 427127
Sarah Brambley/Laura Slade
+44 (0) 1252 727313
