New IIS exploit?

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > New IIS exploit?

Last Thread Next Thread Next

New IIS exploit?

srock

06-29-04 12:33 AM

Looks like SANS (http://isc.incidents.org) is receiving reports of other
compromised IIS servers. Might want to check your servers.

Handlers Diary June 28th 2004
Updated June 28th 2004 13:53 UTC (Handler: Jim Clausing)
IWAP_WWW account on compromised IIS servers
Request for Information: IWAP_WWW account

We have received information about compromised systems with Internet
Information Server. These systems had an administrator level account with
the username 'IWAP_WWW' added.

Please check if your server has such an account and let us know what you
find. Until we know more, we suggest that you consider a server compromised
if you find and administrator account with this username.

-------------------------------------------------------------------
Johannes Ullrich, jullrich_at_sans.org

[ Post a follow-up to this message ]

Most Popular forums

Apache Server	MySQL for Windows	Sendmail
Red Hat Networking	SuSe Linux	Debian Linux
FreeBSD administration	Sun Solaris administration	Unix Shell programming
WebSphere Portal Server	Exchange 2000 administration	PostgreSQL administration
Linux Security	Computer Security	Firewalls

Forum Jump:

Forum Rules:

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF

Medical and Health forum | Computer Games Reviews | Graphics design forum

Automated OffSite Backup	Shopping Cart Software
RAM Memory Upgrades

Syndicate this forum via XML or simple JavaScript feed

Home | Usercp | Faq | Register