[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients

To: flynngn@xxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients
From: "dinis@xxxxxxxxxx" <dinis@xxxxxxxxxx>
Date: Fri, 25 Jun 2004 07:50:35 -0700 (PDT)

With the current (in)security of most (if not all) ISP
that provide ASP.Net or ASP Classic shared hosting
services, all the attakers need to do is to get an
hosting account in a shared hosting server (trivial)
and infect these websites from the inside.

I haven't heard of any new IIS exploit (which doesn't
mean that they don't exist), but compromizing the IIS
box from the inside (as seen by the interland story) is
probably how this happened.

BTW, do you know which ISP hosts the 'compromized'
websites?

Dinis Cruz
.Net Security Consultant
DDPlus

On Fri, 25 Jun 2004 09:20:34 -0400, Gary Flynn wrote

> 
> Just a reminder. This isn't the first time this has
> happened:
> 
>
http://www.computerworld.com/securitytopics/security/story/0,10801,84675,00.html?SKC=home84675
> 
> -- 
> Gary Flynn
> Security Engineer
> James Madison University
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html

----------------------------------------
Scanned by Emailfiltering.co.uk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] server administration
Next by Date: Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients
Previous by thread: [Full-Disclosure] Security hole in Confixx backup script
Next by thread: Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients
Index(es):
- Date
- Thread