Skip to Main Content
A recent Internet attack that exploited a powerful new assault technique has computer security officials worried that it could be a harbinger of worse things to come. The attack was based on a Trojan horse - a nonreplicating program that hides malicious code inside apparently harmless programming, data, or Web pages - dubbed JS.Scob.Trojan by antivirus experts. These servers hosted millions of infected pages during the attack. Scob affected Web sites for such well-known organizations as the Kelley Blue Book car pricing service and MinervaHealth, which provides online financial services for the healthcare industry. The Trojan loaded software that captured victims' keystrokes - which could have included valuable information such as passwords and credit card numbers - and sent them back to the hackers. The Scob attack was significant for several reasons. Scob's dangerous new aspect was that rather than opening e-mail attachments, victims didn't have to do anything but visit a contaminated Web site to become infected. By using Web servers and Web sites to install the malicious code, hackers were able to install the Trojan.
Date of Publication: Sept. 2004