IIS Server Security - New IIS exploit?

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > June 2004 > New IIS exploit?





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author New IIS exploit?
srock

2004-06-28, 7:33 pm

Looks like SANS (http://isc.incidents.org) is receiving reports of other
compromised IIS servers. Might want to check your servers.

Handlers Diary June 28th 2004
Updated June 28th 2004 13:53 UTC (Handler: Jim Clausing)
IWAP_WWW account on compromised IIS servers
Request for Information: IWAP_WWW account

We have received information about compromised systems with Internet
Information Server. These systems had an administrator level account with
the username 'IWAP_WWW' added.

Please check if your server has such an account and let us know what you
find. Until we know more, we suggest that you consider a server compromised
if you find and administrator account with this username.

-------------------------------------------------------------------
Johannes Ullrich, jullrich_at_sans.org


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com