« Web designers of the world, why standards are good, and why not IE6… | Home | Accessibility and cross browsing testing (I part) »
By ijoselito | April 28, 2008
"Hundreds of Thousands of Microsoft Web Servers Hacked"
We have more news about the reports of hundreds of thousands of attacks to MS servers on the week. Apparently websites as important as some UK government sites and the United Nations website have been attacked by hackers in the last month. The hackers have been using code that tries to exploit a security flaw in Microsoft Windows to install malicious software on visitor’s machines, The Washington Post reports.
Several anti-virus and security companies have reported the issue to MS months ago but the vulnerability is still there and the hackers are taking advantage of the situation. In their article the mentioned source comments:
"The attackers appear to be breaking into the sites with the help of a security vulnerability in Microsoft’s Internet Information Services (IIS) Web servers. In an alert issued last week, Microsoft said it was investigating reports of an unpatched flaw in IIS servers, but at the time it noted that it wasn’t aware of anyone trying to exploit that particular weakness."
Dancho Danchev is an independent security analyst, he advices:
"all of the hacked sites appear to have Javascript coding adding to their page source that silently pulls down malware from a few domains in China, namely nihaorr1.com, and haoliuliang.net.
Needless to say, if you run a Google search for these sites you will find tens of thousands that contain the script that redirects any visitors to these malicious sites. I would strongly urge people to steer clear of those sites: I mention them here so that Web site owners can more easily search the HTML code in their pages for these domains.
There are indications that this attack is coming in waves, with the bad guys swapping in new malicious downloader sites every few days. According to posts on an IIS user forum, Web site administrators first saw signs of this attack on April 17, the day before Microsoft issued its initial advisory on the IIS vulnerability.
If you run your site with IIS, please take a moment to consider applying the workarounds in the Microsoft advisory for your version of IIS. Also, that IIS.net post I mentioned earlier has some great tips to help administrators lock down their systems.
These types of attacks that infiltrate legitimate, trusted Web sites are precisely the reason I so often recommend Firefox over Internet Explorer. There is a great add-on for Firefox called “noscript,” which blocks these kinds of Javascript exploits from running automatically if a user happens to visit a hacked site. Currently, there is no such protection for IE users, and disallowing Javascript entirely isn’t really an option on today’s World Wide Web. True, you can fiddle with multiple settings in IE to add certain sites to your “Trusted Zone,” but that option has never struck me as very practical or scalable."
Tags: interesting |
Comments
You must be logged in to post a comment.