Press Release
Release Date:
June 28, 2004
New Data Shows Over 600 Web Sites Still Infected
with js.scob.trojan.
Cyveillance identifies all sites infected by JS.Scob.Trojan virus,
latest variation of “phishing”
Arlington, Va., June 28, 2004 — Cyveillance®, the leading provider of online risk monitoring and management solutions, today announced the results of a rapid, comprehensive sweep of web sites that indicates 641 sites were still infected with the JS.Scob.Trojan virus as of June 27, 2004. The company used its proprietary Internet monitoring technology to visit all known sites running Microsoft Internet Information Services 5.0 (IIS) and identify which ones were compromised.
This virus, which exploits vulnerabilities in Microsoft’s Internet Explorer web browser and IIS 5.0 web server software, could enable criminals to steal personal information, including passwords, credit card numbers and social security numbers, from individuals who visit an infected web site. “This newest form of phishing is far more devious than email-based attacks since a key-stroke logger is installed completely passively on the individuals computer, without the victim falling for a scam,” said Panos Anastassiadis, CEO of Cyveillance. “The impact of these kinds of viruses is of grave concern, because loggers can capture far more personal information than is typically shared with a single phishing site.”
Cyveillance’s proprietary technology, uniquely capable of conducting rapid, comprehensive assessments of Internet content, was able to identify the compromised sites because of the nature of the trojan. To gather information for this study, Cyveillance leveraged its most recent (June 2004) monthly audit of over 50,000,000 domains to determine the trojan’s target population of over 6,200,000 web sites known to run IIS 5.0. Cyveillance then collected and analyzed web pages from these sites to test for possible infection, confirming 641 cases. Rob Kodey, Cyveillance VP of Technology noted, “Because the attack alters the web server configuration to append code to its public pages, Cyveillance’s technology was readily able to identify the compromised sites.”
About Cyveillance, Inc.
Cyveillance, the leading provider of online risk monitoring and management services, is focused on helping organizations monitor the Internet for issues such as identity theft, fraud, security risks, unauthorized product distribution and many forms of brand abuse. The company uses its proprietary technology to deliver high-impact, 100% relevant, actionable intelligence, drawn from—and delivered securely over—the Internet on a subscription basis. Cyveillance services help customers increase revenues, reduce costs, improve operational efficiencies and mitigate mission-critical risk. Cyveillance serves more than 135 customers and counts over half of the Fortune 50 as clients