[prev in list] [next in list] [prev in thread] [next in thread]
List: patchmanagement
Subject: RE: Potential Web Services Threat
From: "Sireika, James" <JSireika () azerty ! com>
Date: 2004-06-28 19:21:19
Message-ID: 210DF55DED65B547896F728FB057F3B20413E1FE () seaver ! ussco ! com
[Download RAW message or body]
From sans:
We have received information about compromised systems with Internet
Information Server. These systems had an administrator level account with
the username 'IWAP_WWW' added.
Please check if your server has such an account and let us know what you
find. Until we know more, we suggest that you consider a server compromised
if you find and administrator account with this username.
http://isc.sans.org/
-----Original Message-----
From: Peter Kruse [mailto:pkr@csis.dk]
Sent: Monday, June 28, 2004 2:19 PM
To: Patch Management Mailing List
Subject: SV: Potential Web Services Threat
Hi Lee,
Since no one really knows the attack vector being used to compromise these
servers it´s hard to tell for sure. Microsoft blames (MS04-011) since
affected servers was not proberly updated. The MS warning can be found here:
http://www.microsoft.com/security/incident/download_ject.mspx
I have not come across any reports that indicates creation of user accounts,
but then again everything is really possible.
A good and detailed writeup of this threat can be found at Symantec´s
website:
http://tms.symantec.com/documents/040624-Alert-CompromisedIISServerReports.p
df
As a sidenote more than 600 servers are still infected with JS.Scub accoring
to Cyveillance, Inc. A pressrelease can be found at this URL:
http://www.cyveillance.com/web/newsroom/press_rel/2004/2004-06-28.htm
Kind regards
Peter Kruse
http://www.csis.dk
>-----Oprindelig meddelelse-----
>Fra: Lee Birchmore [mailto:lbirchmore@gciuk.com]
>Sendt: 28. juni 2004 18:58
>Til: Patch Management Mailing List
>Emne: RE: Potential Web Services Threat
>
>
>Do you have any other info........i.e. one website is saying that a
>dummy user is created
>
>-----Original Message-----
>From: Gerritz, Jonus (Contractor)
>[mailto:Jonus.Gerritz@usmint.treas.gov]
>Sent: 24 June 2004 19:26
>To: Patch Management Mailing List
>Subject: Potential Web Services Threat
>
>
>
---
To unsubscribe send a blank email to
leave-patchmanagement@patchmanagement.org
---
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic