Full Disclosure mailing list archives
Re: New malware to infect IIS and from there jump to clients
From: "dinis () ddplus net" <dinis () ddplus net>
Date: Fri, 25 Jun 2004 07:50:35 -0700 (PDT)
With the current (in)security of most (if not all) ISP that provide ASP.Net or ASP Classic shared hosting services, all the attakers need to do is to get an hosting account in a shared hosting server (trivial) and infect these websites from the inside. I haven't heard of any new IIS exploit (which doesn't mean that they don't exist), but compromizing the IIS box from the inside (as seen by the interland story) is probably how this happened. BTW, do you know which ISP hosts the 'compromized' websites? Dinis Cruz .Net Security Consultant DDPlus On Fri, 25 Jun 2004 09:20:34 -0400, Gary Flynn wrote
Just a reminder. This isn't the first time this has happened:
http://www.computerworld.com/securitytopics/security/story/0,10801,84675,00.html?SKC=home84675
-- Gary Flynn Security Engineer James Madison University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
---------------------------------------- Scanned by Emailfiltering.co.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: New malware to infect IIS and from there jump to clients dinis () ddplus net (Jun 25)