Dennis Forbes' new IIS hole?
A few days ago Dennis Forbes described strange behavior of his IIS install that was apparently from a virus or outright hack. Nobody seemed to have any information about it then. Saw this article today that gives a little bit more information:
I hope my banks are safe.
A more detailed article from news.news.news.com.com.com:
The full URL, for those who don't trust TinyURL:
If http://www.microsoft.com/security/incident/download_ject.mspx is to be believed, this is caused by unpatched IIS boxes.
Well, I feel better now knowing that MS04-011 is to blame ... if there had been a new IIS-specific hole that I (and MS) wasn't aware of, that nightmare scenario I'd been looking for would've been a short time coming.
Let me clarify that it wasn't my box that was compromised, and I wasn't being facetious when I claimed that it was a friend's (in fact it has been very frustrating because many of the things that I would have checked I have been unable to - logs, ownerships and creation times of files, patch states, etc). It sounds like it is specifically an SSL exploit, apparently patched by the above-mentioned fix. Note that in my other message I indicated that there are reports that Microsoft has had servers compromised.
"If http://www.microsoft.com/security/incident/download_ject.mspx is to be believed, this is caused by unpatched IIS boxes."
"Wouldn't it be ironic if going to their site to read about the virus, actually infects your computer with the virus."