More than 100 Web servers running Microsoft's Internet Information Services software are still infected with malicious code that was part of a widespread Internet attack, known as Scob, or Download.ject, that began two weeks ago, a security researcher says.
Dan Hubbard director of security and technology research at Websense Inc., a maker of employee Internet management and content protection software, says he spotted the 100-plus sites when the firm conducted its routine study of roughly 24 million Web sites for malicious code and possible Web-based attacks.
The Scob attack first surfaced the week of June 21 when security researchers began warning that thousands of hacked Web sites were infected with malicious software and that those servers placed Web surfers at risk to attack.
It's widely thought that Russian hackers were behind the attack, which took advantage of unpatched Web servers running Microsoft IIS software version 5.0 as well as several vulnerabilities within Internet Explorer. One of the Internet Explorer vulnerabilities the hackers exploited didn't have a patch, or a fix, at the time of the attack.
Web surfers who visited infected Web sites where themselves infected with hacker tools designed to steal personal information and send it to a computer Internet address located in Russia, which was quickly shut down by Internet service providers.