Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients
To: firstname.lastname@example.org, email@example.com Date: Fri, 25 Jun 2004 07:50:35 -0700 (PDT)
With the current (in)security of most (if not all) ISP
that provide ASP.Net or ASP Classic shared hosting
services, all the attakers need to do is to get an
hosting account in a shared hosting server (trivial)
and infect these websites from the inside.
I haven't heard of any new IIS exploit (which doesn't
mean that they don't exist), but compromizing the IIS
box from the inside (as seen by the interland story) is
probably how this happened.
BTW, do you know which ISP hosts the 'compromized'
.Net Security Consultant
On Fri, 25 Jun 2004 09:20:34 -0400, Gary Flynn wrote
> Just a reminder. This isn't the first time this has
> Gary Flynn
> Security Engineer
> James Madison University
> Full-Disclosure - We believe in it.
Scanned by Emailfiltering.co.uk
Full-Disclosure - We believe in it.