1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IIS Servers Experience Massive Cyber Attack

Discussion in 'News' started by tripwire45, Apr 26, 2008.

  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster


    IIS Servers Experience Massive Cyber Attack

    A massive cyber-attack is targeting vulnerable Internet Information Server based Web pages by redirecting visitors to the site toward one hosting malicious code, and it's growing rapidly. When Panda Security first noted the infestation, it put the number of infected IIS servers at 282,000. Less than a day later, security firm F-Secure wrote its own blog entry, putting the infestation at more than 500,000. The worst part of it all is that these infestations are not in seamy Web sites, they are taking place in legitimate Web pages. An IFRAME redirects the user to another page, where identity-stealing malware is downloaded onto their computer. So even users who think they are staying clean are not safe.

    The full story can be found at ServerWatch.com.
    Certifications: A+ and Network+


    1. hbroomhall
      Interesting. Looking at the article you quote it says:
      If that was true then they did a remarkably poor job of paraphrasing the original. Among other things they say
      But the original article doesn't say this, mostly because it isn't a problem with the web servers, but a problem of SQL injection where the programmer has been incredibly lax and not bothered to sanitize queries from the Internet at large.

      MSSQL and ASP are being targeted because it is easier to identify such a combo than MySQL or Postgres plus PHP/Perl/whatever, but non-IIS sites are being damaged as well. Just not in such numbers!

      Not blaming you trip, IMHO it is the article you quote that is at fault here! :p

    2. neutralhills
      It's all good. More infected machines means more work for me. w00t! :oops:
    3. tripwire45
      Hmmm. Normally, this is a reliable source, but then, most of what I usually post of their is original material. I'll have to be more careful from now on. Thanks for the "heads up", Harry.
    4. ffreeloader

      You weren't completely wrong. What is now surfacing is that this is a combination of poor coding practices, and the way IIS6 and SQL Server work together.

      What follows is a part of a FAQ on the hackademix.net site for MS server admins showing them how to work around this problem.

      The rest of this FAQ can be read at the following link.
    5. Crito
      You get what you pay for.


    Share This Page