(Cross-posted to Ignite/400 and Midrange-nontech)

A major Microsoft IIS security blowup:
http://isc.sans.org/diary.php?date=2004-06-24
http://isc.sans.org/

Microsoft IIS servers worldwide are getting terrorized (nobody knows
how, nobody is sure by whom, but it seems to be a Russian site) with a
hugely virulent hack. The virus causes a footer to be appended to every
page sent from the server which in turn hacks any machine visiting the
site using MSIE. The hack on the visiting machine is SEVERELY
dangerous. It downloads one of a variety of payloads, from keystroke
loggers to backdoors, but here's the kicker:

"The javascript uses a so far unpatched vulnerability in MSIE to
download and execute the code. No warning will be displayed. The user
does not have to click on any links. Just visiting an infected site will
trigger the exploit."

I want to be clear, this is no drill: hackers have ALREADY infected
Microsoft IIS servers worldwide with a severe virus. This virus IN TURN
will infect any MSIE browser that is vulnerable (which is currently just
about all MSIE browsers) and will WITHOUT WARNING download and install
software from a site in Russia to spy on, take control of, or disable
your PC.

Haven't we had enough of this yet? Can we for once and for all just
dump IIS on the trash heap of software history where it belongs?

Joe
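
A server-side check for the symptom described in the post above (a footer appended to every page the server sends), added here as an example and not part of the original post or the SANS diary. It compares each page's on-disk content with what the server actually returned; the function names, sample pages and footer bytes are constructed assumptions, and the footer is a harmless placeholder.

```python
import re

# Matches the opening of a script element in whatever was appended.
SCRIPT_RE = re.compile(rb"<\s*script\b", re.IGNORECASE)

def appended_trailer(on_disk, served):
    """Bytes the server sent after the on-disk content.

    Returns b"" when nothing was appended and None when the served body
    does not even start with the file content (a different problem).
    """
    stripped = on_disk.rstrip()
    if not served.startswith(stripped):
        return None
    return served[len(stripped):].strip()

def audit(pages):
    """pages maps URL path -> (on_disk_bytes, served_bytes).

    Returns (findings, server_wide). server_wide is True when every page
    carries the identical trailer, which points at a server-level footer
    setting and not at edits to individual files.
    """
    findings = {}
    for path, (on_disk, served) in pages.items():
        trailer = appended_trailer(on_disk, served)
        if trailer:
            findings[path] = {
                "trailer": trailer,
                "has_script": bool(SCRIPT_RE.search(trailer)),
            }
    trailers = {f["trailer"] for f in findings.values()}
    server_wide = len(findings) == len(pages) and len(trailers) == 1
    return findings, server_wide

# Constructed sample data: two static pages and a placeholder footer.
CONSTRUCTED_FOOTER = b'<script language="JavaScript">/* placeholder */</script>'
ON_DISK = {
    "/index.htm": b"<html><body>Home</body></html>\r\n",
    "/about.htm": b"<html><body>About</body></html>\n",
}
CLEAN = {p: (d, d) for p, d in ON_DISK.items()}
TAMPERED = {p: (d, d + CONSTRUCTED_FOOTER) for p, d in ON_DISK.items()}

if __name__ == "__main__":
    for name, pages in (("clean", CLEAN), ("tampered", TAMPERED)):
        findings, server_wide = audit(pages)
        print(name, sorted(findings), "server-wide footer:", server_wide)
```

In practice the served bytes would be fetched from the server itself for static files only, since dynamic pages legitimately differ from their source.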