Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: ocean10000
There's a large-scale attack underway that is targeting Web servers running Microsoft's IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there's no clear indication of who's behind the campaign right now.
Some analyses of the IIS attack suggest that it is directed at a third-party ad management script found on these sites.
[edited by: Brett_Tabke at 1:45 pm (utc) on Jun 12, 2010]
[edit reason] added sucuri.net link [/edit]
2010-06-07 13:31:15 W3SVC1 webserver 192.168.1.10 GET /page.aspx utm_source=campaign&utm_medium=banner&utm_campaign=campaignid&utm_content=100×200′;dEcLaRe%20@s%20vArChAr(8000)
...6F523B2D2D%20eXEc(@s)– 80 – 121.xx.#*$!.xx HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) –
- www.example.com 200 0 0 32068 1685 0
[edited by: marcel at 8:24 pm (utc) on Jun 11, 2010]
Anyone running IIS should make sure they are safe.