Posted on 06/25/2004 1:53:54 PM PDT by familyop
IIS 5 Web Server Compromises
added June 24
US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems.
Web server administrators running IIS 5 should verify that there is no unusual JavaScript appended to the bottom of pages delivered by their web server.
This activity is another example of why end users must exercise caution when JavaScript is enabled in their web browser. Disabling JavaScript will prevent this activity from affecting an end-user's system, but may also degrade the appearance and functionality of some web sites that rely upon JavaScript. US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.
Sorry. I misunderstood your post.
Ive been running adaware and spybot SandD for months now and i love those programs! having a DSL connection leaves my PC vulnerable i think so i use those two utilities every day.
I run Norton system works it is a fantastic program.
I ran the ie explorer and the browser popped right up.Thanks for all your help:)
Welcome any time, mail me if you have any further questions. :-)
If you are using MSIE click TOOLS,Internet Options, Security, Custom Level, scroll down to JAVA permissions and click High Safety and that should do it.
yes we do
thanks much i will take you up on that offer:) ive been tinkering with all the goodies on the browser and the email client i do believe iam going to like this mozilla!
I just installed one called Spyware Blaster. It keeps spyware from installing itself on your computer, and works for IE and Firefox. After running Ad-Aware and Spybot, you can use Spyware Blaster to take a snapshot of your system in case you need to go back to a 'clean' version of your system.
im off to check it out thanks.
If ever in IE, try this. Options, Privacy, Advanced, Block 3rd Party Cookies. Scan periodically but should stay ~100% clean.
This is a very sophisticated hack. Simple maybe to some, but it was quickly released and shows a desire to attack Microsoft systems. It's important to remember to blame the hackers for things like this, and the admins who hadn't yet applied the required patches. Maybe one day security updates will be absolutely automatic, but right now it's pretty close. The hackers are the problem, not the update process.
On behalf of all the programming-challenged freepers, I thank you. :)
...agreed on all. Attacks are most often against MS or Mac systems, because they are easier targets. And more cracking punks are using those systems. Furthermore, end-users don't have a lot of time to learn to use open free systems, so they don't have a lot of time for reading security documents and upgrading.
There are also attacks against UNIX systems. UNIX users put more initial time into getting the software installed, running and more time into learning to use them in order to have the timely updates (often before each new attack is devised). It's a tradeoff. Most of the UNIX systems users I've been acquainted with are older geeks, systems admins, radio enthusiasts, et al. Some Linux systems are getting easier to install and beginning to attrack younger anarchists and all of that (thus our making certain UNIX security packages more difficult to configure). But I've known a few UNIX systems admins. who did not upgrade in time to beat attacks. Some of them have left Linux behind to use other UNIX systems (BSD variants, etc.).
There has been a lot of UNIX open system effort to secure MS desktops from outside attacks, but stopping trojans of various kinds that way is a challenge, to say the least. Success against trojans requires good user discretion. I worked for one well known IT company that replaced images on all machines at least once per day, because its employees opened all attachments that came their way, used instant messaging to the outside, etc.
I also think that MS will eventually have fewer lawyers in their employ while having more developers and testers. Sooner or later, their updates will come more quickly.
I can't imagine trying to keep an office pool trained well enough with UNIX as a reasonably cost effective total desktop system very soon, though. It would be a nightmare to try it for now. It might be even more likely that commercial office "suites" will be in the forefront of UNIX terminal/desktop solutions (MS Excel and Word intra-servers for offices with terminals). One such package is Star Office (German company, then Sun, last I knew). ...wonder how that one's doing? Yet, a few of my acquaintances continue to use Windows systems behind UNIX servers/routers/firewalls. MS stuff is an easier transition from offices/schools.
Security for MS will improve. Hopefully, though, it will improve before too many intrusive, freedom-limiting laws are made regarding the Net.
Great post, thanks. What we see with Microsoft, whether we are a user of that particular brand of technology or not, is the cutting edge battle of hacker capability verses available security. Both are at their leading edge, and the war goes back and forth. Most importantly as of late, user awareness has been raised, being essential as we head into an era of more sophisticated operating systems, and more sophisticated attacks.
Ultimately we will see a clearing of the smoke, and more definitive labeling of the differences between "white hat" and "black hat" hackers, with most existing "hackers" eventually being categorized as "black hat", and "white hat" "blocking" becomes more of a full time exclusive profession. It's been amazing to see, the rise of the hackers against innocent unsuspecting users in just the last 5 years, but it's only gotten worse and is at an all time high now. We can only hope we continue to win that bleeding edge war, because it unfortunately isn't going away, especially as most attacks come from foreign lands, and foreign lands is where the www is expanding. I trust that we will. It will take a coordinated effort, and less acceptance of ALL illegal or immoral online activity.
"...in order to have the timely updates (often before each new attack is devised)"
Hmmm. That's an idea. Is MS putting much effort into trying cracks against its own systems to catch problems before they come from crackers? That's the one most successful method for securing UNIX systems. It wouldn't stop the user neglect side of the problem (leaving unused ports open, not updating, etc., which UNIX systems users also do), but it would be a good step--that, and dumping the spyware they plant in new systems to track customer preferences (leaves holes). ...if they haven't already had customers patch those and close them up.
"...with most existing "hackers" eventually being categorized as "black hat", and "white hat" "blocking" becomes more of a full time exclusive profession."
You addressed what I brought up as it was being written. If by "white hat," you mean friendly testers who look for vulnerabilities so developers can plug them, that's the one most important key (no pun intended) to good security, I think--that and maybe a few of the kinds of steps taken in Chapter 8 (NISPOM) security requirements.
Absolutely is my understanding. At one time this may have been the only way much security was being done, rather than designing from a intial secure state.
it would be a good step--that, and dumping the spyware they plant in new systems to track customer preferences
Spyware has drawn great attention to the "intrusion" aspect, without actually intruding on too many. A very close eye was being kept on it, and as soon as it was recognized there was actually illicit activity going on, Congress has immediately stepped it and will apparently act. Let's hope it's a complete and thorough bill. More legislation is unfortunate, but IT is one of the few if only place it can still be justified.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.