Slashdot Mirror

← Back to Stories (view on slashdot.org)

500 Thousand MS Web Servers Hacked

Posted by kdawson on from the scream-and-shout dept.

andrewd18 writes "According to F-Secure, over 500,000 webservers across the world, including some from the United Nations and UK government, have been victims of a SQL injection. The attack uses an SQL injection to reroute clients to a malicious javascript at nmidahena.com, aspder.com or nihaorr1.com, which use another set of exploits to install a Trojan on the client's computer. As per usual, Firefox users with NoScript should be safe from the client exploit, but server admins should be alert for the server-side injection. Brian Krebs has a decent writeup on his Washington Post Security Blog, Dynamoo has a list of some of the high-profile sites that have been hacked, and for fun you can watch some of the IIS admins run around in circles at one of the many IIS forums on the 'net."

4 of 332 comments (clear)

  1. Re:Bias? by MrMr · · Score: 1, Troll

    I don't know what to say.
    That's pretty obvious.

    How is the alledged fact that a LAMP stack would have been more vulnerable to this IIS directed attack relevant to this story? No claims of superiority for any server software in the blurb. Are you just trolling?

  2. Re:ob... by sm62704 · · Score: 0, Troll

    No. IIS is a Microsoft server. I've heard that IIS stands for "It Isn't Secure".

    Does half a million compromised servers comprise a beowolf cluster? No again.

    I'd quote the uncyclopedai entry on Microsoft, but the Microsoft <strike>shills</strike> fanboys would mod me "troll".

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  3. following the breadcrumbs by v1 · · Score: 0, Troll

    The vulnerability being exploited is documented here and shows it was "last updated" April 23. (two days ago)

    My favorite amusement is:

    Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

    Thanks for that. Now that 500k servers got owned maybe you want to move on this sort of thing a little more seriously.

    At the bottom they ask, How would you rate the usefulness of this content ? But there's no option for "a little late, eh?"

    Though it DOES make me wonder if the publishing of this notice gave the idea to the makers of the malware. Makes a good case for not publishing a known vulnerability until either (1) its' in the wild already, or (2) you have a fix for it. Clearly neither of these were the case on Wednesday.

    --
    I work for the Department of Redundancy Department.
  4. uh-oh, sockpuppets by willyhill · · Score: 0, Troll
    hi twitter. You have something that's not from 2004? I was referring to IIS6, of course. IIS5 (which is what that article talks about) had at least three vulns in four years, if I recall. IIS6 has been out for 5+ years so far. Can you find me an exploitable vulnerability for it?

    You can answer when you're done trolling with a user name that looks suspiciously like mine. And isn't that amusing.

    --
    The twitter monologues. Click on my homepage and be amazed.