Web Sites Still Infected - InformationWeek
07:59 PM

Web Sites Still Infected

More than 100 Web sites infected two weeks ago with malicious code still haven't cleaned up their servers, a security research report says.

More than 100 Web servers running Microsoft's Internet Information Services software are still infected with malicious code that was part of a widespread Internet attack, known as Scob, or Download.ject, that began two weeks ago, a security researcher says.

Dan Hubbard, director of security and technology research at Websense Inc., a maker of employee Internet management and content protection software, says he spotted the 100-plus sites when the firm conducted its routine study of roughly 24 million Web sites for malicious code and possible Web-based attacks.

The Scob attack first surfaced the week of June 21 when security researchers began warning that thousands of hacked Web sites were infected with malicious software and that those servers placed Web surfers at risk of attack.

It's widely thought that Russian hackers were behind the attack, which took advantage of unpatched Web servers running Microsoft IIS software version 5.0 as well as several vulnerabilities within Internet Explorer. One of the Internet Explorer vulnerabilities the hackers exploited didn't have a patch, or a fix, at the time of the attack.

Web surfers who visited infected Web sites were themselves infected with hacker tools designed to steal personal information and send it to a computer Internet address located in Russia, which was quickly shut down by Internet service providers.

Web surfers didn't need to click on a link or an attachment to get infected in this attack; simply visiting a compromised Web site was enough.

While the attack targeted sites running IIS 5.0, Hubbard says the majority of the remaining infected systems are now running version 6.0.

It's not a new attack on version 6.0, says Hubbard, but rather Web site operators are upgrading to IIS version 6.0 on top of their infected IIS 5.0 systems.

While Hubbard won't name the infected Web sites, the reaction he got from the 25 or so sites he managed to contact was unsettling. "The majority were not even aware of the Scob attack," he says. "They had no idea any of this was going on. Only one person was up on what is happening in the security world," he says.

While this attack was thwarted by shutting down the hacker system that collected end-user information, more copycat attacks are likely, experts warn.

Microsoft on July 2 issued a "configuration change" designed to plug the unpatched Internet Explorer security hole targeted in the Scob attack. However, security researchers this week say they've found ways to bypass the workaround and successfully attack fully patched versions of Internet Explorer.

Microsoft said last Friday that the configuration change was a temporary solution and that the software company would be releasing more thorough Internet Explorer fixes in coming weeks.

Microsoft is scheduled to release this month's batch of security updates on July 13.

The software maker has published a page dedicated to keeping consumers and corporate customers up to date about the download.ject attacks. It can be found here.
