This story was printed from ZDNet Australia.
Major Microsoft IIS attack predicted within week

By David Hellaby, ZDNet Australia
April 17, 2002
URL: http://www.zdnet.com.au/news/security/soa/Major-Microsoft-IIS-attack-predicted-within-week/0,130061744,120264646,00.htm


Businesses have been warned to brace themselves for a major attack on Microsoft Internet Information Servers within the next week.

The warning, from Chris Rouland, the director of Atlanta-based anti-hacking group X-Force, follows the discovery of 10 new vulnerabilities in Microsoft's Internet Information Server.

IIS is used by millions of machines worldwide and Rouland, who is currently visiting Australia, said he expects a new version of the notorious Nimda worm to appear within the next week.

Hackers used Nimda to infect thousands of servers across the Internet and crippled numerous corporate networks in September last year.

Once a system is infected with Nimda, hackers can control it.

Nimda, which is "admin" spelled backwards, uses several methods of spreading itself, including mass e-mail and attempting to copy itself to unpatched or already vulnerable Microsoft IIS Web servers.

It is both a worm and a virus. A worm is self-propagating and spreads over networks to attack systems, but not files, while a virus infects individual machines and files.

"It is like a multi-headed monster and you have to cut off all of its heads before you finally kill it," Rouland said.

"I fully expect a new version to start doing the rounds within the next week to take advantage of the new vulnerabilities," he said.

The US-based Computer Emergency Response Team (CERT) issued an international advisory on April 11 detailing 10 new vulnerabilities that had been discovered simultaneously by researchers in several countries.

The more critical of the vulnerabilities are buffer overflow conditions that can allow an attacker to overwrite system memory on the targeted system. According to the Symantec Antivirus Research Centre (SARC), these will result in the IIS service crashing and a Denial of Service (DoS).

"In the worst cases, an attacker could run arbitrary code on the targeted system. Additional access violation and Cross-Site Scripting vulnerabilities discovered can result in a Denial of Service against the targeted system or an attacker using the affected Web server as a platform from which to attack a third-party site," SARC said.

Rouland said Microsoft had issued patches for the new vulnerabilities and anyone running IIS should install them immediately.
