Careers & Certifications

12:00 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Blames Hackers, Not Vulnerability, For Web Attack

Security firms say the evidence is leading them to accept Microsoft's explanation that its Internet Information Services server software doesn't have an unknown vulnerability.

The Web attack that was stopped dead in its tracks on Friday when a Russian Web site was taken offline remained under investigation Monday by a host of security firms still puzzled over the method used to infect a number of Microsoft Internet Information Services servers. But the evidence now is leading them to accept Microsoft's explanation that the IIS 5.0 servers were hacked manually and that the server software doesn't have an unknown vulnerability.

"Nobody yet knows how these servers were infected," said Ken Dunham, director of malicious code research at iDefense. "But if it was a widespread vulnerability, how come there weren't more servers infected? If that was the case, we should have heard reports by now about lots of other computers" being infected with the malicious JavaScript code.

Microsoft released a statement Saturday claiming that the attack--which infected an unknown number of IIS servers, which, in turn, delivered malicious code to any Internet Explorer user who surfed sites hosted by those servers--"is not a worm or virus. In other words, this attack is a targeted manual attack by individuals or entities towards a specific server."

Symantec's Corp.'s research, said Oliver Friedrichs, a senior manager with the company's virus response team, also leans toward manual hacks. "That's what it looks like," he said. "It's certainly not a worm or an automated exploit."

Microsoft said that all the compromised servers were running IIS 5.0 unpatched against a vulnerability disclosed in April. Some security firms last week theorized that even patched IIS systems were vulnerable, but that now seems to have been a false alarm.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed