Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Mass Infection of IIS/ASP Sites

Published: 2010-06-09
Last Updated: 2010-06-12 13:40:35 UTC
by Deborah Hale (Version: 1)
8 comment(s)

Sucuri.net has released a report about a large number of sites that have been hacked and contain a malware script.  A quick Google today indicates that
there are currently 111,000 sites still infected.  It appears that this  is only impacting websites hosted on Windows servers.  The situation is being investigated.

For those who are hosting there websites on Windows IIS/ASP you may find more information here.

 http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html - link removed...it triggers some Anti-virus.

 Update: Paul  at Sophos logs has released some additional information regarding this exploit and Infection. Thanks Paul.

 http://www.sophos.com/blogs/sophoslabs/?p=9941

Deb Hale Long Lines, LLC

8 comment(s)
Diary Archives