Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New malware to infect IIS and from there jump to clients

From: "dinis () ddplus net" <dinis () ddplus net>
Date: Fri, 25 Jun 2004 07:50:35 -0700 (PDT)
With the current (in)security of most (if not all) ISP
that provide ASP.Net or ASP Classic shared hosting
services, all the attakers need to do is to get an
hosting account in a shared hosting server (trivial)
and infect these websites from the inside.

I haven't heard of any new IIS exploit (which doesn't
mean that they don't exist), but compromizing the IIS
box from the inside (as seen by the interland story) is
probably how this happened.

BTW, do you know which ISP hosts the 'compromized'
websites?

Dinis Cruz
.Net Security Consultant
DDPlus

On Fri, 25 Jun 2004 09:20:34 -0400, Gary Flynn wrote



Just a reminder. This isn't the first time this has
happened:



http://www.computerworld.com/securitytopics/security/story/0,10801,84675,00.html?SKC=home84675


-- 
Gary Flynn
Security Engineer
James Madison University

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html


----------------------------------------
Scanned by Emailfiltering.co.uk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: