Friday, June 25, 2004

Security and PR disaster in progress

Dan Gillmor and Scripting News point to this story from InfoWorld:

Microsoft Corp. acknowledged Thursday that Internet Information Server (IIS), a component of the Windows 2000 Server, and holes in the Internet Explorer Web browser are being used in widespread attacks that are compromising Web pages and using them as launching pads for malicious computer code. ...

The IIS vulnerability allows the attackers to place malicious files on the Windows 2000 machines and change a configuration setting called the "enable document footer" feature, which is used to append files, such as copyright statements or disclaimers, to the bottom of Web pages served by IIS. In the case of the latest attack, the malicious JavaScript files are appended as "footers" to every file on the Web site, Dunham said.

When Web surfers visit the site, the malicious JavaScript code is sent to the user's client machine, along with other Web site files, and run. For people visiting those sites, a combination of holes in Internet Explorer, one that has been patched by Microsoft and one that has not, is allowing malicious programs to be surreptitiously placed on customers' machines, Dunham said. The code redirects the user's Web browser to a Russian Web site from which a Trojan horse program is unknowingly downloaded and installed on the user's system, according to Johannes Ullrich, chief technology officer at the Internet Storm Center.

Microsoft Security

I just installed Mozilla. Works very nicely.

Network administrators seeking to prevent future disasters might want to look at Security Tracker.
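
A defensive check for the footer abuse described in the quoted story, as an added example that is not part of the original post or the InfoWorld article: it compares the bytes a server returns with the file on disk and flags identical trailing content appended across pages. The function names and sample pages are constructed for illustration, and the caller is assumed to supply both the on-disk and the served bytes.

```python
# Added example: flag content that a web server appends to static pages.
# All sample data below is constructed for illustration.
from collections import Counter
from typing import Optional


def appended_tail(disk: bytes, served: bytes) -> Optional[bytes]:
    """Return bytes added after the on-disk content, b"" if none, None if
    the served body differs somewhere other than at the end."""
    disk_n = disk.replace(b"\r\n", b"\n").rstrip()
    served_n = served.replace(b"\r\n", b"\n").rstrip()
    if served_n == disk_n:
        return b""
    if served_n.startswith(disk_n):
        return served_n[len(disk_n):].strip()
    return None


def audit(pages):
    """pages: {url_path: (disk_bytes, served_bytes)} -> list of findings."""
    tails = {p: appended_tail(d, s) for p, (d, s) in pages.items()}
    # The same tail on several pages points at a server-level footer setting.
    counts = Counter(t for t in tails.values() if t)
    findings = []
    for path, tail in sorted(tails.items()):
        if tail is None:
            findings.append((path, "modified", b""))
        elif tail:
            kind = "site-wide footer" if counts[tail] > 1 else "appended content"
            if b"<script" in tail.lower():
                kind += " with script"
            findings.append((path, kind, tail))
    return findings


FOOTER = b'<script src="/constructed-footer.js"></script>'  # constructed
SAMPLE = {
    "/index.html": (b"<html>home</html>\r\n", b"<html>home</html>\r\n" + FOOTER),
    "/about.html": (b"<html>about</html>", b"<html>about</html>\n" + FOOTER),
    "/clean.html": (b"<html>ok</html>", b"<html>ok</html>"),
    "/odd.html": (b"<html>a</html>", b"<html>b</html>"),
}

if __name__ == "__main__":
    for path, kind, tail in audit(SAMPLE):
        print(path, kind, tail.decode(errors="replace"))
```

A "site-wide footer" finding on a server where no footer was deliberately configured is the cue to inspect the site's document footer setting and the file it points to.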
