Ject/Scob Attack: IWAP_WWW account on IIS servers

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

http://www.incidents.org/diary.php?date=2004-06-28

We have received information about compromised systems with Internet Information Server. These systems had an administrator level account with the username IWAP_WWW added. Please check if your server has such an account and let us know what you find. Until we know more, we suggest that you consider a server compromised if you find and administrator account with this username.

Posted: Jun 28 2004, 01:49 PM by Harry Waldron | with 1 comment(s)

Comments

Harry Waldron said:

I have IWAP-WWW on my windows xp - it just appeared out of "no where" and I can't even access my "user account" in the control panel...so any suggestions?! Thanks in advance for your help!

# July 5, 2004 8:44 PM

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.

Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)