Situation:Over 10,000 legitimate websites have been compromised and now have an iframe that will direct visitors to a malicious website hosted on 2117966.net. The malicious website attempts to exploit the vulnerability described in MS06-014 and a number of ActiveX vulnerabilities. Recommended immediate action:Block 2117966.net at your web proxy Recommended follow-up action:Inspect your web proxy logs for visitors to 2117966.net. This will indicate who is potentially exposed. Check these systems to verify that their patches are up-to-date. Systems that are successfully compromised will begin sending traffic to 61.188.39.175 Protecting Browsers:A properly-patched system should not be at-risk from this attack. It is recommened to use a browser that does not support ActiveX. Protecting Webservers:Until details become available on how the iframe was injected, we have no recommendations. Missing information:We currently do not have details on how the iframes were placed on the websites. If you are responsible for cleaning-up or investigating one of the defacements, please contact us if you have information on how the compromise occurred. |
Kevin Liston 292 Posts ISC Handler Mar 14th 2008 |
Thread locked Subscribe |
Mar 14th 2008 1 decade ago |
I see that various security researchers are debating the possibility of attackers using the caching feature of websites search software to add IFrame code to the saved search results on the sites.
Anyone come across this ? On the assumption that this is a possible attack vector, wouldn't an immediate response advice be to disable site search caching on your website search software pending further investigation ? |
Karl 14 Posts |
Quote |
Mar 14th 2008 1 decade ago |
You might want to mention, parenthetically, that MS06-014 should _not_ be confused with MS08-014, which was just announced earlier this week. Some folks might mis-read the first paragraph and get spun up over nothing.
|
Anonymous |
Quote |
Mar 14th 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!