[Dshield] 0 Day vulnerability in IIS and IE exploited

Mark Tombaugh mtombaugh at alliedcc.com
Fri Jun 25 16:45:38 GMT 2004


On Friday 25 June 2004 1:36 am, Stephane Grobety wrote:
> In the past days, an unknown group of criminals have started
> exploiting a yet to be discovered 0-day exploit in Microsoft IIS window
> to break into corporate web servers. Once in place, they add a page
> footer on most pages served by the machine that contains a JAvascript
> downloading a PHP file in Russia.

Any more info about how the IIS servers are getting hacked? Googling for 
infections, it doesn't appear as widespread as reported, but still very 
concerning. Anyone know if the infected IIS were running FP extensions?

-- 
Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC. <http://www.usihost.com>



More information about the list mailing list