InfoSec Handlers Diary Blog - Mass Infection of IIS/ASP Sites

SANS ISC: InfoSec Handlers Diary Blog - Mass Infection of IIS/ASP Sites

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Mass Infection of IIS/ASP Sites

Published: 2010-06-09
Last Updated: 2010-06-12 13:40:35 UTC
by Deborah Hale (Version: 1)

Sucuri.net has released a report about a large number of sites that have been hacked and contain a malware script. A quick Google today indicates that
there are currently 111,000 sites still infected. It appears that this is only impacting websites hosted on Windows servers. The situation is being investigated.

For those who are hosting there websites on Windows IIS/ASP you may find more information here.

http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html

http://nsmjunkie.blogspot.com/2010/06/anatomy-of-latest-mass-iisasp-infection.html - link removed...it triggers some Anti-virus.

Update: Paul at Sophos logs has released some additional information regarding this exploit and Infection. Thanks Paul.

http://www.sophos.com/blogs/sophoslabs/?p=9941

Deb Hale Long Lines, LLC

Keywords: IIS ASP Injection

8 comment(s)

Top of page

Diary Archives