New Exploit Taking Advantage of Unpatched IIS Servers

24 06 2004

Netcraft has a good write-up about this little exploit called “Download.Ject” that “reputable” servers are apparently spreading. You see, they’ve been infected via a hole that was supposed to have been patched when the “Sasser” worm came out. I still think that the net positive from applying an MS patch far outweighs the potential problems that people appear to encounter sometimes.

PEOPLE – PATCH YOUR COMPUTERS!  DO IT NOW, DO IT OFTEN, DO IT AUTOMATICALLY!

We’ve seen the AV trigger on a PC here – it shows up as infected .gifs and .jpgs. Symantec calls it “Trojan.Horse” – I’m guessing a generic name until defs come out calling it something with “Ject”.

Read the articles – inform yourself!

Softpedia article: http://news.softpedia.com/news/2/2004/June/8728.shtml

Infoworld article: http://www.infoworld.com/article/04/06/25/HNmspushesxpbeta_1.html?source=rss&url=http://www.infoworld.com/article/04/06/25/HNmspushesxpbeta_1.html

BBC article: http://news.bbc.co.uk/1/hi/technology/3840101.stm

MS’s Security page: http://www.microsoft.com/security/incident/download_ject.mspx

Netcraft’s article: http://news.netcraft.com/archives/2004/06/25/iis_exploit_infecting_web_site_visitors_with_malware.html

Symantec’s Page: http://securityresponse.symantec.com/avcenter/venc/data/download.ject.html

[Later] They’ve apparently shut down the Russian server from which infected servers were grabbing the code… see: http://news.com.com/Web+site+virus+attack+blunted/2100-7349_3-5248279.html?part=rss&tag=5248279&subj=news.7349.5 for full details.
