Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Major Internet Attack Under Way: Page 3 of 5

Security researchers say it's not yet clear how the attackers have compromised these Web sites. "It'll take some considerable forensic examinations," says Alfred Huger, senior director of engineering for Internet security firm Symantec.

It appears that the attackers are compromising Web servers running Microsoft's Internet Information Services, either because they aren't patched or through a newfound software vulnerability.

Web surfers who visit infected sites are infected via gif images or other Web-site objects that have malicious code attached to them, including keystroke loggers and Trojan horse applications.

"Our big concern is that there is a zero-day vulnerability in IIS," Sachs says.

Microsoft is investigating the attacks. The software vendor issued a statement saying that "at 4:00 pm PT [Thursday], Microsoft began investigating reports that some customers running unprotected versions of IIS 5.0, a component of Windows 2000 Server, were being targeted."