Although SpyAxe and WinHound have already thrown thousands of people into a panic, little was known about how these dangerous trojans infect users' computers. According to recent research by Websense, a security software company, and 2-Spyware.com's own information, both SpyAxe and WinHound get onto victims' computers by exploiting several Microsoft Internet Explorer vulnerabilities that were discovered in May and late November but are still unfixed. Thousands of malicious web sites plant these parasites on each visitor's system. All it takes to get infected is to visit an insecure site with Internet Explorer running on Windows 98, Me, 2000 or XP (even with Service Pack 2). The victim will not notice anything suspicious, as the exploits do not require any user interaction. Websense also provides an example demonstrating what happens when a fully patched Windows XP workstation visits a malicious web site: it gets infected immediately. The desktop wallpaper is replaced with a fake alert, and a corrupt spyware remover is downloaded and launched. It doesn't matter whether an antivirus or a firewall is installed on the system, since such software is often unable to prevent malware installation through Internet Explorer vulnerabilities.
To help users avoid SpyAxe and WinHound infections, as well as SpySheriff, RazeSpyware and some other stealth installations, Microsoft released a security advisory. It encourages all users to follow these instructions:
1. Change Internet Explorer settings to prompt before running Active Scripting, or to disable it, in the Internet and Local intranet security zones.
2. Set Internet and Local intranet security zone settings to “High” or prompt before running Active Scripting in these zones.
3. Restrict Web sites to only your trusted Web sites.
4. Apply the most recent security updates released by Microsoft.
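The following PowerShell audit is an added example, not part of the Microsoft advisory or the original article; it reports whether steps 1 and 2 are actually in effect on a machine. It assumes the standard Internet Explorer zone registry layout (zone 1 = Local intranet, zone 3 = Internet, URL action `1400` = Active Scripting, `CurrentLevel` `0x12000` = High); the function name `Get-ActiveScriptingState` is hypothetical.

```powershell
# Audit of advisory steps 1-2: Active Scripting in the Local intranet and
# Internet zones. Assumed standard values for URL action 1400:
# 0 = enable, 1 = prompt, 3 = disable. CurrentLevel 0x12000 = "High".
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$setting = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Administrator-set policy locations are reported next to the per-user one.
$hives = @(
    "HKLM:\SOFTWARE\Policies\$suffix",
    "HKCU:\Software\Policies\$suffix",
    "HKCU:\Software\$suffix"
)

function Get-ActiveScriptingState {
    param([Parameter(Mandatory)][int]$Zone)
    $found = $false
    foreach ($hive in $hives) {
        $key   = Join-Path $hive ([string]$Zone)
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        $script = $props.PSObject.Properties['1400']
        if ($null -eq $script) { continue }
        $found = $true
        $raw   = [int]$script.Value
        $level = $props.PSObject.Properties['CurrentLevel']
        $label = if ($setting.ContainsKey($raw)) { $setting[$raw] }
                 else { "Unknown ($raw)" }
        [pscustomobject]@{
            Zone            = $zones[$Zone]
            Source          = $key
            ActiveScripting = $label
            HighTemplate    = ($null -ne $level -and [int]$level.Value -eq 0x12000)
            MeetsAdvisory   = ($raw -eq 1 -or $raw -eq 3)   # prompt or disable
        }
    }
    if (-not $found) {
        # No explicit value anywhere: the zone's built-in default applies,
        # which this script cannot see, so the result is left undetermined.
        [pscustomobject]@{
            Zone = $zones[$Zone]; Source = 'not set'; ActiveScripting = 'Default'
            HighTemplate = $false; MeetsAdvisory = $null
        }
    }
}

$zones.Keys | Sort-Object | ForEach-Object { Get-ActiveScriptingState -Zone $_ } |
    Format-Table -AutoSize
```

A row with `MeetsAdvisory` set to `False` means scripts from that zone still run without a prompt, which is the condition the advisory asks users to change.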
However, we believe this is not enough. All users are also encouraged to use an alternative web browser, such as Mozilla Firefox or Opera, when browsing suspicious or potentially harmful web sites, software download services, or resources they have never visited before. This should help to avoid stealth SpyAxe and WinHound installations, as alternative web browsers are not affected by the recent exploits and therefore cannot be used to plant the trojans.