Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients
dinis_at_ddplus.net
Date: 06/25/04
- Previous message: bills.bitch_at_hushmail.com: "Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: flynngn@jmu.edu, full-disclosure@lists.netsys.com Date: Fri, 25 Jun 2004 07:50:35 -0700 (PDT)
With the current (in)security of most (if not all) ISP
that provide ASP.Net or ASP Classic shared hosting
services, all the attakers need to do is to get an
hosting account in a shared hosting server (trivial)
and infect these websites from the inside.
I haven't heard of any new IIS exploit (which doesn't
mean that they don't exist), but compromizing the IIS
box from the inside (as seen by the interland story) is
probably how this happened.
BTW, do you know which ISP hosts the 'compromized'
websites?
Dinis Cruz
.Net Security Consultant
DDPlus
On Fri, 25 Jun 2004 09:20:34 -0400, Gary Flynn wrote
>
> Just a reminder. This isn't the first time this has
> happened:
>
>
http://www.computerworld.com/securitytopics/security/story/0,10801,84675,00.html?SKC=home84675
>
> --
> Gary Flynn
> Security Engineer
> James Madison University
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
----------------------------------------
Scanned by Emailfiltering.co.uk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: bills.bitch_at_hushmail.com: "Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
