Web Sites Still Infected - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Web Sites Still Infected

More than 100 Web sites infected two weeks ago with malicious code still haven't cleaned up their servers, a security research report says.

More than 100 Web servers running Microsoft's Internet Information Services software are still infected with malicious code that was part of a widespread Internet attack, known as Scob, or Download.ject, that began two weeks ago, a security researcher says.

Dan Hubbard director of security and technology research at Websense Inc., a maker of employee Internet management and content protection software, says he spotted the 100-plus sites when the firm conducted its routine study of roughly 24 million Web sites for malicious code and possible Web-based attacks.

The Scob attack first surfaced the week of June 21 when security researchers began warning that thousands of hacked Web sites were infected with malicious software and that those servers placed Web surfers at risk to attack.

It's widely thought that Russian hackers were behind the attack, which took advantage of unpatched Web servers running Microsoft IIS software version 5.0 as well as several vulnerabilities within Internet Explorer. One of the Internet Explorer vulnerabilities the hackers exploited didn't have a patch, or a fix, at the time of the attack.

Web surfers who visited infected Web sites where themselves infected with hacker tools designed to steal personal information and send it to a computer Internet address located in Russia, which was quickly shut down by Internet service providers.

Web surfers didn't need to click on a link or an attachment to get infected in this attack; simply visiting a compromised Web site was enough.

While the attack targeted sites running IIS 5.0, Hubbard says the majority of the remaining infected systems are now running version 6.0.

It's not a new attack on version 6.0, says Hubbard, but rather Web site operators are upgrading to IIS version 6.0 on top of their infected IIS 5.0 systems.

While Hubbard won't name the infected Web sites, the reaction he got from the 25 or so sites he managed to contact was unsettling. "The majority were not even aware of the Scob attack," he says. "They had no idea any of this was going on. Only one person was up on what is happening in the security world," he says.

While this attack was thwarted by shutting down the hacker system that collected end-user information, more copycat attacks are likely, experts warn.

Microsoft on July 2 issued a "configuration change" designed to plug the unpatched Internet Explorer security hole targeted in the Scob attack. However, security researchers this week say they've found ways to bypass the workaround and successfully attack fully patched versions of Internet Explorer.

Microsoft said last Friday that the configuration change was a temporary solution and that the software company would be releasing more thorough Internet Explorer fixes in coming weeks.

Microsoft is scheduled to release this month's batch of security updates on July 13.

The software maker has published a page dedicated to keeping consumers and corporate customers up to date about the download.ject attacks. It can be found here.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
Slideshows
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
Commentary
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
Slideshows
Flash Poll