Half-Million IIS Servers Hit in Cyber Attack
SEE WARNING AT END OF POST.
Half-Million IIS Servers Hit in Cyber Attack
April 25, 2008
By Andy Patrizio
A massive cyberattack is targeting vulnerable Internet Information Server-based Web pages by redirecting visitors to the site toward one hosting malicious code, and it's growing rapidly.
When Panda Security first noted the infestation, it put the number of infected IIS servers at 282,000. Not even a day later and security firm F-Secure wrote its own blog entry, putting the infestation at over 500,000.
The worst part of it all is that these infestations are not in seamy Web sites, they are taking place in legitimate Web pages. An IFRAME (define) redirects the user to another page, where identity-stealing malware is downloaded onto their computer. So even users who think they are staying clean are not safe.
"In the old days, you used to think if you went to the dark side of the Internet you had a chance of being infected. Now you don't need to go to the bad neighborhoods to get attacked. You can be walking down the good side of the Internet and be infected," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security.
The vulnerability in IIS, developed by Microsoft (NASDAQ: MSFT), allows hackers to inject SQL code to manipulate legitimate Web pages. This code adds an IFRAME to redirect the user to a malicious Website that scans their computer for vulnerabilities and then downloads and installs malware that can get passed the user's defenses.
The problem only affects IIS, not Apache or other Web servers. Microsoft reportedly knows of the issue, said Sherstobitoff. The company has not responded to a query InternetNews.com on when a fix can be expected as of press time.
Sherstobitoff said the U.S. is being hardest hit, with government and public utility sites particularly popular. "They love anything that brings in victims," he said.
Panda and F-Secure both identified a malicious piece of code being hidden in Web pages that does the redirect. Site admins should look for this hidden in their Web pages:
>scCript src=http://www.nihaorr1.XXXcom/1.js<< href="http://forums.iis.net/t/1148917.aspx">"
POSTING ( COPY/PASTE ) THE ABOVE CODE AS WRITTEN IN THE POST WILL INFECT YOUR BLOG. gOOGLES TEXT/CODE PROGRAMING WHEN POSTING CONVERTS THAT CODE TO "ACTIVE"......YOU WILL INFECT YOUR BLOG. g
some people have noticed. Securing the server, updating all of the patches and proper configuration should help protect it until Microsoft comes out with a fix of its own, said Sherstobitoff.
This article was first published on InternetNews.com.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Be sure you are using "Google's block list"
Some search pages have as many as 14,
This blog had one for 15 min.?
It will get worse if not this time NEXT TIME.
What is ahead?
Cyber Pearl Harbor.
All the exercises the FEDs have and not one plans for
the INTERNET GOING DOWN. days, weeks, months.
The world could get its ASS kicked in months if the wrong people get together.
Read cyber Pearl Harbor above.
Its do able.
Gerald
WARNING POSTING THIS STORY FROM SOURCE WITH SCRIPT CODE INCLUDED IN STORY WILL INFECT YOUR BLOG. ETC...
WARNING
Labels: IIS, Internet Information Services, Microsoft, Servers, Web server, Website, Windows Server 2008, www
posted by gerald at
4/25/2008 05:29:00 PM
READ MORE
READ OR SUBSCRIBE, Our WAR OSINT on Twitter
Tweet
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home