A massive cyber-attack is targeting vulnerable Internet Information Server based Web pages by redirecting visitors to the site toward one hosting malicious code, and it’s growing rapidly.
A rapidly growing infestation is redirecting users from seemingly harmless Web sites to one that downloads malware onto their computers.
When Panda Security first noted the infestation, it put the number of infected IIS servers at 282,000. Less than a day later, security firm F-Secure wrote its own blog entry, putting the infestation at more than 500,000.
The worst part of it all is that these infestations are not on seamy Web sites; they are taking place on legitimate Web pages. An IFRAME redirects the user to another page, where identity-stealing malware is downloaded onto their computer. So even users who think they are staying clean are not safe.
“In the old days, you used to think if you went to the dark side of the Internet you had a chance of being infected. Now you don’t need to go to the bad neighborhoods to get attacked. You can be walking down the good side of the Internet and be infected,” said Ryan Sherstobitoff, chief corporate evangelist at Panda Security.
The vulnerability in IIS, developed by Microsoft, allows hackers to inject SQL code to manipulate legitimate Web pages. This code adds an IFRAME to redirect the user to a malicious Web site that scans their computer for vulnerabilities and then downloads and installs malware that can get past the user’s defenses.
The problem affects only IIS, not Apache or other Web servers. Microsoft reportedly knows of the issue, said Sherstobitoff. As of press time, the company has not responded to a query from InternetNews.com on when a fix can be expected.
Sherstobitoff said the United States is being hardest hit, with government and public utility sites particularly popular. “They love anything that brings in victims,” he said.
Panda and F-Secure both identified a malicious piece of code being hidden in Web pages that does the redirect. Site admins should look for this hidden in their Web pages:
If that appears anywhere in the page, then you have a problem, as some people have noticed. Securing the server, updating all of the patches and proper configuration should help protect it until Microsoft comes out with a fix of its own, said Sherstobitoff.
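A defender-side check for the injected redirect described above, as an added example that is not from the original article or from Panda or F-Secure: it parses a page's HTML and reports every iframe (and, going beyond the article, script) whose src points at a host outside an allow-list, marking those that are also hidden. `ALLOWED_HOSTS`, the host names and the sample page are constructed assumptions, not indicators from this campaign.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: hosts this site legitimately embeds content from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
ZERO_SIZE = re.compile(r"^0+(px|%)?$", re.I)

# Constructed sample page: one local iframe, one injected off-site iframe.
SAMPLE_PAGE = """<html><body>
<h1>City Water Utility</h1>
<iframe src="/billing/frame.html" width="600" height="400"></iframe>
<p>Service notice</p><iframe src="http://injected.invalid/x.htm" width=0 height=0></iframe>
<script src="//cdn.example.com/site.js"></script>
</body></html>"""


class FrameAudit(HTMLParser):
    """Collect <iframe>/<script> tags whose src leaves the allowed hosts."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if host is None or host in self.allowed:
            return  # inline, relative or allow-listed source
        hidden = bool(
            HIDDEN_STYLE.search(a.get("style", ""))
            or ZERO_SIZE.match(a.get("width", "").strip())
            or ZERO_SIZE.match(a.get("height", "").strip())
        )
        line, _ = self.getpos()  # line on which the tag starts
        self.findings.append({"line": line, "tag": tag, "host": host, "hidden": hidden})


def audit_html(text, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of off-site iframe/script findings for one page."""
    parser = FrameAudit(allowed_hosts)
    parser.feed(text)
    parser.close()
    return parser.findings
```

Run it over pages as the server renders them as well as over files on disk, since content injected through SQL may live in the database rather than in a file.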
This article was originally published on InternetNews.com.
Andy Patrizio is a freelance journalist based in southern California who has covered the computer industry for 20 years and has built every x86 PC he’s ever owned, laptops not included.