Thu, Jun 24 2004 18:09
Keep an eye out guys [and gals], there's something up on the 'Net.....
UPDATE - What You Should Know About Download.Ject:
I normally have as my “home” page the Incidents.org web page. Today they are indicating that there is a possible Spam/vulnerability attack going on.
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis:
I recommend that you check out the posting and in particular.....
Our concern is that there might be an IIS zero-day floating around. We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched.
[original diary entry follows]
A reader pointed us to an IIS discussion group (microsoft.public.inetserver.iis.security) where several IIS administrators discovered some strange .dll files on their web servers in the past 24 hours. According to the discussion on that list, they are all 1kb .dll files. They were deposited in the \winnt\system32\inetsrv directory with names like iis7xy.dll where x is a random number that appears to be between 1-3 and y is a random character or number."
Don't use your server as a workstation. Don't introduce an unnecessary threat by surfing at your server. Be safe. Be paranoid.
Filed under: Security