Net Attack Aimed at Banking DataWed Jun 30, 9:05 AM ET
By Mike Musgrove, Washington Post Staff Writer
Computer security experts warned yesterday of another new Internet threat that can steal the passwords and account information of people who bank online -- the second such discovery in a week.
Users can pick up the latest bug, which doesn't yet have a name, from pop-up ads that secretly download software capable of capturing their keystrokes. The pop-ups originate at Web sites that receive their ads from certain online ad services, which apparently had themselves been hacked to spread the malicious code.
The bug targets users of Microsoft Corp.'s Internet Explorer browser. Experts said users can protect themselves from the bug by using a non-Microsoft Corp. browser or by using software to block pop-ups. Internet Explorer users are immune if they download and install a patch that was released in April. Internet Explorer users are also being advised to set the security setting for their browsers to "high," a level that makes it more difficult to interact with some Web sites.
Software on computers that pick up the bug will record the keystrokes of users who visit any of 50 targeted financial Web sites, security experts said. The bug apparently attempts to send the stolen information to a Web site based in Estonia.
More:
http://news.yahoo.com/news?tmpl=story&cid=1804&u=/washpost/20040630/tc_washpost/a16023_2004jun29&printer=1TYY