[Dshield] 0 Day vulnerability in IIS and IE exploited

Brenden Walker BKWalker at DRBSystems.com
Fri Jun 25 17:57:59 GMT 2004


If it's what I'm thinking ..here are some links about it

http://securityresponse.symantec.com/avcenter/venc/data/download.ject.html
http://www.f-secure.com/weblog/
http://www.microsoft.com/security/incident/download_ject.mspx


> -----Original Message-----
> From: Mark Tombaugh [mailto:mtombaugh at alliedcc.com] 
> Sent: Friday, June 25, 2004 12:46 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] 0 Day vulnerability in IIS and IE exploited
> 
> 
> On Friday 25 June 2004 1:36 am, Stephane Grobety wrote:
> > In the past days, an unknown group of criminals have started 
> > exploiting a yet to be discovered 0-day exploit in Microsoft IIS 
> > window to break into corporate web servers. Once in place, 
> they add a 
> > page footer on most pages served by the machine that contains a 
> > JAvascript downloading a PHP file in Russia.
> 
> Any more info about how the IIS servers are getting hacked? 
> Googling for 
> infections, it doesn't appear as widespread as reported, but 
> still very 
> concerning. Anyone know if the infected IIS were running FP 
> extensions?
> 
> -- 
> Mark Tombaugh <mtombaugh at alliedcc.com>
> Allied Computer Corporation <http://www.alliedcc.com>
> USiHOST, iNC. <http://www.usihost.com> 
> _______________________________________________
> list mailing list
> list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 



More information about the list mailing list