Storage News
Security News
Networking News

FREE NEWSLETTERS

internet.commerce

Be a Commerce Partner
Online Universities
Cell Phones
Server Racks
Promotional Products
Promotional Pens
KVM over IP
Find Software
Build a Server Rack
Hurricane Shutters
Shop
Laptop Batteries
Imprinted Promotions
Laptops
Condos For Sale

internet.com

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Heroes Happen Here Launch Events
Attend the upcoming launch of three powerful new products, take a test drive, meet the teams, and leave with promotional copies of Windows Server 2008, Microsoft SQL Server 2008, and Microsoft Visual Studio 2008. Register here. »

Install What You Need with Windows Server 2008
Windows Server 2008 is Microsofts most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

Simplify Big Business IT for Small and Midsize Companies
Windows Small Business Server 2008 and Windows Essential Business Server 2008 deliver all-in-one solutions to help fuel growth for customers and partners. »

Q&A with Bob Muglia: Senior VP, Server and Tools Division
Bob Muglia, senior vice president, Server and Tools Division, discusses Microsofts new interoperability principles and the steps the company is taking to increase the openness of its products. »

Q&A with Lutz Ziob, GM of Microsoft Learning
Lutz Ziob, the general manager of Microsoft Learning, talks about how IT professionals can become certified heroes within their enterprises by getting trained and certified in Windows Server 2008. »

Related Articles

•Oracle Plugs 41 Security Flaws
•Microsoft Patch Tuesday: April 2008

Security Products

• MHZ2 CJ Series (Fujitsu Computer Products of America, Inc)
• Secure Mail / Secure DOX (Echoworx Corp)
• Enterprise Security Reporter (ScriptLogic Corp)
• AlgoSec Firewall Analyzer (Algorithmic Security, Inc)
• Gatekeeper / Firestick (Yoggie Security Systems)
• SecureFusion (Gideon Technologies, Inc)

» Enterprise IT Planet » Security » Security News

Visit ServerWatch for summaries of server and development tool updates, the latest on server news and trends, and more.

Half-Million IIS Servers Hit in Cyber Attack

By Andy Patrizio
April 29, 2008

Email Print Digg This Add to del.icio.us

A massive cyberattack is targeting vulnerable Internet Information Server-based Web pages by redirecting visitors to the site toward one hosting malicious code, and it's growing rapidly.

When Panda Security first noted the infestation, it put the number of infected IIS servers at 282,000. Less than a day later, security firm F-Secure wrote its own blog entry, putting the infestation at over 500,000.

Worse, these infestations don't come through seamy Web sites -- they are taking place in legitimate Web pages. A secretly embedded IFRAME redirects a user to another page, where identity-stealing malware is downloaded onto his or her computer. So even users who think they are staying clean are not safe.

"In the old days, you used to think if you went to the dark side of the Internet, you had a chance of being infected," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security. "Now, you don't need to go to the bad neighborhoods to get attacked. You can be walking down the good side of the Internet and be infected."

The vulnerability is due to poorly-written SQL code that does not properly examine user input from a Web page form, experts said.

When data is entered into a form, it's up to the programmer to add "code scrubbing," making sure that malicious code like this does not get added to the SQL database. In this case, however, the hackers are preying on Web page that don't do code scrubbing.

Their malicious code adds an IFRAME to redirect the user to a malicious Web site, with JavaScript that scans their computer for a number of known vulnerabilities that Microsoft has already patched. If the user's computer is unpatched, the malicious site downloads and installs malware on their computer.

The problem has centered around IIS Web server in particular because the hackers are targeting Microsoft's ASP pages, which have a strong connection to SQL Server, Microsoft's database.

Sherstobitoff said the U.S. is being hardest hit, with government and public utility sites proving particularly popular targets.

"They love anything that brings in victims," he said.

Panda and F-Secure both identified the malicious piece of code being hidden in Web pages that does the redirect. As a result, security experts are warning site admins to look for this hidden in their Web pages:

<script src=http://www.nihaorr1.com/1.js>

If that appears anywhere in your page, then you have a problem, as some people have noticed. Securing the server with the latest patches and proper configuration should help protect it until Microsoft comes out with a fix of its own, Sherstobitoff said.

Also, experts recommended that users get their computers fully up to date using all available patches from Microsoft -- so that even if they are redirected to the malicious site, the attacker won't find any security holes to exploit.

Courtesy of InternetNews.com

Email Print Digg This Add to del.icio.us

Security News Archives

eBook: Evaluating Software as a Service for Your Business. Sponsored by Webroot
Flash Demo: Learn how IBM Information Server Blade is easy to manage, highly scalable and efficient.
HP eBook: Using Business Service Management (BSM) to Manage Your Business Applications
Increase your reach with unlimited Webinars for one low rate. Try GoToWebinar FREE.
Best Practices: Make the Case for IT Investments. Complimentary Independent Report. Download Now!


Whitepaper: Provide Proactive Protection to Consumer Online Transactions Sponsored by VeriSign Weak user or consumer authentication has fueled the problems of Internet identity theft,including phishing and financial fraud. Learn how VeriSign's Identity Protection services has the potential to increase consumer loyalty by maximizing security for your customers while maintaining price sensitivity for your online business. Learn more.
Solutions for Technology Professionals from Internet.com

Search:
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES