IIS Server Security - Re: Virus in IFRAME injected into our ASP pages (downloader trojan on client)

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > December 2006 > Re: Virus in IFRAME injected into our ASP pages (downloader trojan on client)





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: Virus in IFRAME injected into our ASP pages (downloader trojan on client)
dcote@dgmdata.com

2006-12-11, 1:18 pm

We had to reinstall IIS on the server and it did the trick.

By the way, we tried windows defender and windows removing tools, both
didn't found anything. And after our tests, IIS was really compromise.
Any website running asp or aspx pages inject the iframe code. The hack
seems to have been at the core of IIS. ASAPI filter desactivation
didn't do the trick.

Any idea anyone what it was?


Leythos a =E9crit :

> In article <uelbG$kGHHA.924@TK2MSFTNGP02.phx.gbl>,
> PaulOliver@noemail.noemail says...
>
> The reason that Symantec didn't detect it on the server is because the
> threat (malware) is not on your server, it's on the remote server.
>
18-4323-99[vbcol=seagreen]
>
> Put a real firewall in front of your server, block all foreign subnets
> not required, rename the administrator account and disable all accounts
> not needed, patch the server, etc... Follow ALL of the recommendations
> that secure your server.
>
> What services, other than HTTP did you expose?
>=20
> --=20
>=20
> spam999free@rrohio.com
> remove 999 in order to email me

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com