Webber/Berbew

infectionvectors.com

June 2004

Infection Vector: JS via Internet Explorer

Impact:             High (steals personal information/remote access to host)

Webber/Berbew received a great deal of attention as it is linked to the IIS server compromises of late June 2004. The Java Script-dropped Trojan lifts personal information from a host and allows an outsider to monitor Internet actions of the user. Webber also allows an attacker remote access to the infected host, opening the possibility for virtually any type of compromise.

Additional Information:

Each variant sets different keys, and each is difficult to detect without AV software or inspection of Registry.