“Hundreds of thousands of Web sites – including several at the United Nations and in the U.K. government — have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors’ machines,” Brian Krebs reports for The Washington Post.
“The attackers appear to be breaking into the sites with the help of a security vulnerability in Microsoft’s Internet Information Services (IIS) Web servers,” Krebs reports.
“On Thursday, Spanish anti-virus vendor Panda Security said that it had alerted Microsoft that a flaw IIS was the cause of all the break-ins. When I asked Microsoft whether they’d heard from Panda or if the hundreds of thousands of sites were hacked from a patched or unpatched flaw in IIS, a spokesman for the company didn’t offer much more information,” Krebs reports.
“‘Microsoft is currently aware of and is receiving reports regarding public claims of attacks on IIS Web servers,’ said Bill Sisk, a security response manager at Microsoft, in a statement e-mailed to Security Fix. ‘While we have not be [sic] contacted directly regarding these reports, we will continue to monitor all reports either publically [sic] shared or responsibly disclosed and investigate once sufficient details are provided. We have not yet determined whether or not these reports are related to Microsoft Security Advisory (951306) released last week,'” Krebs reports.
“According to Finnish anti-virus maker F-Secure, the number of hacked Web pages serving up malicious software from this attack may be closer to half a million,” Krebs reports.
Full article here.
[Thanks to MacDailyNews Reader “RadDoc” for the heads up.]
MacDailyNews Take: UNIX 03 compliance, cross-platform capabilities, and no client-access licenses make Mac OS X Server v10.5 Leopard a rock-solid network foundation. Mac OS X Server v10.5 Leopard brings its enhanced multicore performance, astounding system improvements, and powerful new features to Xserve. Now you can easily set up and manage servers, add new clients to the network, share calendars, schedule meetings, and more. Leopard Server is built on a fully compliant UNIX foundation. This rock-solid core provides the stability, performance, and security that organizations require — and full UNIX conformance ensures compatibility with existing server and application software. An Open Brand UNIX 03 Registered Product, Mac OS X Server can compile and run all your existing UNIX code. So you can deploy it in environments that demand full conformance, complete with hooks to maintain compatibility with existing software. With out-of-the-box support for Mac, Windows, UNIX, and Linux clients, Xserve is the easiest way to provide powerful, innovative network and Internet services for multiplatform workgroups. And there are no client-access licenses, which means no extra fees. Leopard Server supports 64-bit addressing and large LUNs without requiring you to buy a special enterprise version. Buy Xserve with Mac OS X Server v10.5 Leopard Unlimited-Client Edition for just $2,999.