The National Infrastructure Protection Center (NIPC)-- a coordinated effort between the U.S. Department of Justice, the FBI, and several other government agencies -- cited "an increase in hacker activity specifically targeting U.S. e-commerce systems" as the reason for the advisory, which was issued on Friday.
"The hackers are exploiting at least three known system vulnerabilities to gain unauthorised access and download proprietary information," stated the advisory. "Although these vulnerabilities are not new, this recent activity warrants additional attention by system administrators."
The agency could not be reached Monday for further comment on the advisory.
Three strikes
Most of the network intrusions have taken advantage of flaws in server software from Microsoft, including all three detailed in the NIPC advisory.
The first, almost three years old, is a known problem with the default configuration of the Remote Data Service in Microsoft's popular Internet Information Server. The bug allows network attackers to gain information about the server and run system commands.
The so-called "RDS flaw" topped the list of ZDNet News bugs in 1999.
The second flaw affects Microsoft's SQL (Structured Query Language) database software or the Microsoft Data Engine. Known as the "SQL Query Abuse," the flaw allows customers to submit queries and download information contained in a site's database. For e-commerce sites, this could expose credit card records or other personal customer data to online vandals and thieves.
Invaders could take advantage of certain improperly set file permissions to gain full access to a server in the third flaw out lined by the NIPC.
Advisory needed?
System Administrators have been alerted in the past to the potential threat of the flaws by the NIPC and Microsoft. This latest advisory targets those who may not keep up-to-date on software flaws.
"They are talking to a different audience," said Russ Cooper, of security specialists TruSecure. "Maybe they have said to themselves, 'We have never told other people this very well.'"











