Posted on 06/25/2004 1:53:54 PM PDT by familyop
IIS 5 Web Server Compromises
added June 24
US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems.
Web server administrators running IIS 5 should verify that there is no unusual JavaScript appended to the bottom of pages delivered by their web server.
This activity is another example of why end users must exercise caution when JavaScript is enabled in their web browser. Disabling JavaScript will prevent this activity from affecting an end-user's system, but may also degrade the appearance and functionality of some web sites that rely upon JavaScript. US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.
I'm programming challenged. How does one disable javascript?
It is an option in your web browser's preferences. However, if you run FireFox (http://www.mozilla.org/) you will not be vulnerable to any viruses targeted for the Internet Explorer browser.
Thank you.
ok i just installed foxfire browser and thunderbird email client. and i also made foxfire my default browser and iam now getting all my faves into foxfire. iam doing it the long way since it refuses to import them. now should i be protected? i mean i still have IE on my machine but im not using it. i really like the email program it has a built in junk filter! i like that.
Right. You can have it on your machine, just don't surf the web with it. (I do believe this is the tipping point for IE, imho.)
"However, if you run FireFox (http://www.mozilla.org/) you will not be vulnerable to any viruses targeted for the Internet Explorer browser."
Thanks! I'm out of touch with all of that while having run development operating systems (of the Internet workhorse type) for about eight years now. ...am concerned, though, as viruses and worms do cut productivity and open the way for more spam.
IMO, although MS is not a good way to go for Internet servers, the desktop versions are good in that they don't require much training time for employees, are focused for office tasks (don't offer thousands of distracting administrative packages that are extraneous to office work), etc.
As long as you don't use IE for surfing the web, you should be perfectly fine. You will need to use it for Windows Update, but that only connects to Microsoft's website, so that is OK.
You should install an anti-virus package like AVG (free personal one at http://www.grisoft.com) if you don't have one already, just in case.
funny ive always used MSIE but the past months have been nothing but patches ,security updates hotfixes ect ect its quite fustrating. iam already getting used to foxfire and i havnt had but for an hour:)
Not much different from IE really. I've been hearing on the radio news that this virus could be collecting credit card numbers. Yikes! Yeah, I think this spells the end of IE.
maybe you answer this then! how do i acsess IE? i get a message that foxfire is my default and ihave looked all over but cant find where to change it back to IE. i have just enough knowledge to be very dangerous to my PC!! believe it or not ive been acsessing IE by using my ebay toolbar in the system tray i know its a wierd way to get IE to open but at the moment its the only game around it seems.
Here is an excellent article about what each of the Anti programs does and which do a better job. Written in english - not geek speak.
http://www.wired.com/news/infostructure/0,1377,63978,00.html?tw=wn_tophead_4
this is why i changed browsers. what a nightmare this could end up being for those who are not aware!
I have norton installed on this machine so im covered there . but i did look in bookmarks and it did not add them so i ran the import wizard and everything went to heck in a hand cart. with error messeages so iam doing it longhand so to speak. dragging and dropping from IE to foxfire
thanks much! i dont want to set IE as my default. i thought i needed to in order check for updates or something but if i dont have to i wont. just hope dear hubby dosnt shoot me for making all these changes. hes a taurus he hates change! but iam very concerned about this attack and i do a lot of transactions online through ebay and my bank and sheesh half a dozen other places and i dont want anyone able to steal my CC or DC info!!
The article addresses spyware, not viruses. I was referring to trojan horse programs. Back Orifice was a trojan horse program, as was subseven. It's those types of programs that are of concern because they're not used to push advertisements to the computer, but to remotely control the computer as a 'zombie' so it can be used in an attack against other computers. Personally, the combination I use is Norton Anti-virus 2003 (less junk than '04), Ad-aware (free) and Spybot (also free). In addition, I exclusively use Mozilla, including its built-in email application. I stay virus and spyware free on both my home and work PC. It's really not all that tough to keep things running smoothely, it's just that most folks don't know the few things necessary to keep it that way.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.