“Hundreds of thousands of Web sites – including several at the United Nations and in the U.K. government — have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors’ machines,” Brian Krebs reports for The Washington Post.
“The attackers appear to be breaking into the sites with the help of a security vulnerability in Microsoft’s Internet Information Services (IIS) Web servers,” Krebs reports.
“On Thursday, Spanish anti-virus vendor Panda Security said that it had alerted Microsoft that a flaw in IIS was the cause of all the break-ins. When I asked Microsoft whether they’d heard from Panda or if the hundreds of thousands of sites were hacked from a patched or unpatched flaw in IIS, a spokesman for the company didn’t offer much more information,” Krebs reports.
“‘Microsoft is currently aware of and is receiving reports regarding public claims of attacks on IIS Web servers,’ said Bill Sisk, a security response manager at Microsoft, in a statement e-mailed to Security Fix. ‘While we have not be [sic] contacted directly regarding these reports, we will continue to monitor all reports either publically [sic] shared or responsibly disclosed and investigate once sufficient details are provided. We have not yet determined whether or not these reports are related to Microsoft Security Advisory (951306) released last week,'” Krebs reports.
“According to Finnish anti-virus maker F-Secure, the number of hacked Web pages serving up malicious software from this attack may be closer to half a million,” Krebs reports.
Full article here.
[Thanks to MacDailyNews Reader “RadDoc” for the heads up.]
MacDailyNews Take: UNIX 03 compliance, cross-platform capabilities, and no client-access licenses make Mac OS X Server v10.5 Leopard a rock-solid network foundation. Mac OS X Server v10.5 Leopard brings its enhanced multicore performance, astounding system improvements, and powerful new features to Xserve. Now you can easily set up and manage servers, add new clients to the network, share calendars, schedule meetings, and more. Leopard Server is built on a fully compliant UNIX foundation. This rock-solid core provides the stability, performance, and security that organizations require — and full UNIX conformance ensures compatibility with existing server and application software. An Open Brand UNIX 03 Registered Product, Mac OS X Server can compile and run all your existing UNIX code. So you can deploy it in environments that demand full conformance, complete with hooks to maintain compatibility with existing software. With out-of-the-box support for Mac, Windows, UNIX, and Linux clients, Xserve is the easiest way to provide powerful, innovative network and Internet services for multiplatform workgroups. And there are no client-access licenses, which means no extra fees. Leopard Server supports 64-bit addressing and large LUNs without requiring you to buy a special enterprise version. Buy Xserve with Mac OS X Server v10.5 Leopard Unlimited-Client Edition for just $2,999.

XSERVE ad right in the middle – CLASSIC!
Not that Microsoft ever has a good week, but this one has been bad even by their standards.
Heh, Bill Sisk can’t even write a proper sentence, which doesn’t give me great confidence in his management abilities!
A Mac mini, Leopard Server, and hosting in a good data center.
The perfect server for 95% of the people. Inexpensive and powerful.
I can only repeat myself:
Doomed! M$ is doomed, once for all!
FYI
viewmymessage.com is down, wonder if it is IIS
I fscking hate viewmymessage it is the single biggest flaw of iphone
My support for Apple products has never been questioned or attacked, so I’ll say that it makes no sense to revel in the misfortune of MS. So how is it that disparaging MS, Bill Gates, or Baldy Balmer makes Apple any better for the effort?
That’s my 2 pennies worth.
A UNIX-based server running an OS like Linux/BSD/OS X is the best there is.
[…] ‘While we have not be [sic] contacted directly regarding these reports, we will continue to monitor all reports either publically [sic] shared or responsibly disclosed […]’
For a brief horrifying moment I was afraid that second “sic” typo was because the text read “we will continue to monitor all reports either pubically shared” – clearly, the story about the returned Dell laptop still lingers in the dark recesses of my mind…
Nothing is 100% safe.
oh, it’s microsoft hahahahaha
All your servers are belong to us!! (sick)
Is this why, back at the beginning of ’06, M$ had to buy market share for IIS?
Cf.: Netcraft Web server market share data
Wot?! No blood on the X-server floor headline???
Hundreds of thousands of Microsoft web servers hacked; including government servers; Mac Xserves unaffected.
Ah but I heard a rumor from a friend of a MySpace friend that he saw on a security blog that Apple might be vulnerable to… something.
So I guess that means we should stick to Window$.
If your company relies on M$ servers then you might as well close the business down.
It’s like playing Russian Roulette – but with your data instead of a gun.
You know, these IT people need re-educating. Why would you use a M$ server in the first place? It’s always wide open to attacks. Not only is Mac OS X Leopard Server far more secure, it’s also easier to deploy and has far more features.
The headline in Computerworld:
“Microsoft: Massive site attacks not our fault
No bugs in IIS or SQL Server, says company”
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=development&articleId=9080678&taxonomyId=11&intsrc=kc_top
Denial is the first sign.
@Petey:
Couldn’t say that any better!!!!
There goes all that passion and potential out the window once again. One of the definitions for insanity is the expectation that you can do the same things over and over again yet expect different results.
the worst part of the viewmymessage.com is that it hardly works right on the actual iphone or from a computer. Maybe iPhone software 2.0 will help it.
Tommy,
Listen friend, don’t let the irony of you chastising us for calling people names go unnoticed.
MW: think. No shite!
Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!! Hundreds of thousands!!
If your company relies on M$ servers then you might as well close the business down.
Don’t be absurd. The threat isn’t Microsoft, it’s the insurance industry.
However, if your company relies on government cheese, then you might as well close the business down cause you’ll be caught standing when the music stops; a great culling of the market place is forthcoming.
Keep your eye on the insurance industry though. There is a shitty little business arm of the industry, who are like scavengers that come in after the carnage to initiate damage control and preserve what’s left.
Some of these companies hire unscrupulous IT who can sift through a company’s data like tea leaves from which emerges a highly-accurate picture of not only the health of your company, but your employees too. Insurance companies see it as a proactive measure to protect their investment.
Think about it. The insurance industry is in bed with the medical industry and together they have access to just about every intimate aspect of this nation’s deepest, darkest secrets.
If an insurance company wanted to cull a company from the pack they need only find an area on the grid that is the weakest link. In this case it’s the IIS web servers.
Microsoft gets blamed in the press and the insurance industry recedes quietly back into the background.
Cue the organ music… curtain… house lights…