Gov't Warns of Major Web Attack [Archive] - Glock Talk



David_G17
06-24-2004, 21:17
http://www.foxnews.com/printer_friendly_story/0,3566,123712,00.html

Gov't Warns of Major Web Attack

Thursday, June 24, 2004

CHICAGO - Government and industry experts warned late Thursday of a mysterious, large-scale Internet attack against thousands of popular Web sites. The virus-like infection tries to implant hacker software onto the computers of all Web site visitors.

Industry experts and the Homeland Security Department were studying the infection to determine how it spreads across Web sites and find adequate defenses against it.

"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the government warned in one Internet alert.

The mysterious infection appeared to target at least one recent version of software by Microsoft Corp. to operate Web sites, called its Internet Information Server, popular among businesses and organizations.

A spokesman for Microsoft declined to comment immediately.

Experts said the attack's effects were unusually broad but weren't substantially interfering with Internet traffic.

"While this is significant, it has no impact on the operation of the Internet," said Marcus Sachs, who helps run the industry's Internet Storm Center in Bethesda, Md.

Experts urgently recommended that consumers and corporate employees update the antivirus software on their computers, since the latest versions can immunize visitors to infected Web sites.

The infected Web sites attempt to implant on visitors' computers hacker software that allows others to use their computers to surreptitiously route Internet spam e-mails.

David_G17
06-24-2004, 21:19
~yawn~

step one...

4TS&W
06-24-2004, 21:26
My GT display looks funky for some reason.... is this why??? ;P

mpol777
06-25-2004, 12:59
Exactly my reaction. *YAWN*


...target at least one recent version of software by Microsoft Corp. ...


Is anyone actually shocked by this?

HerrGlock
06-25-2004, 13:09
Is anyone else running trusted Solaris and not particularly concerned about their servers being infected?

;f

grantglock
06-25-2004, 15:17
Trying 65.174.244.51...
Connected to siebrecht.us.
Escape character is '^]'.
HEAD / HTTP/1.0


HTTP/1.1 200 OK
Date: Fri, 25 Jun 2004 21:12:03 GMT
Server: Apache/2.0.48 (Unix) PHP/5.0.0RC2
X-Powered-By: PHP/5.0.0RC2
Set-Cookie: lang=english; expires=Sat, 25-Jun-2005 21:12:11 GMT
Connection: close
Content-Type: text/html; charset=ISO-8859-1

HerrGlock
06-25-2004, 16:14
Originally posted by grantglock
Trying 65.174.244.51...
Connected to siebrecht.us.

http://www.siebrecht.us was running Apache on Linux when last queried at 25-Jun-2004 22:07:46 GMT

Linux Apache/2.0.48 (Unix) PHP/5.0.0RC2

I like it. How do you like the Apache 2.x setup? Did you have to change much for it?

DanH

grantglock
07-20-2004, 10:47
I like it, I didn't do an upgrade from version 1 so I didn't have to change anything. That is just a box that I mess around on so I change apps to the latest beta versions all the time.

gudel
07-20-2004, 11:11
what is this, another red alert?

SamBuca
07-20-2004, 13:56
Originally posted by grantglock
I like it, I didn't do an upgrade from version 1 so I didn't have to change anything. That is just a box that I mess around on so I change apps to the latest beta versions all the time.
Unfortunately it's a pain in the neck on a Debian system since Debian stable has hideously outdated libraries and development tools. Not even close to the requirements of Apache 2.x or PHP 5.x.

physicsdevil
07-22-2004, 13:57
Originally posted by grantglock

X-Powered-By: PHP/5.0.0RC2


http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0594

Not exploitable yet, but with heap overflows, it's just a matter of time.