Huge Web hack attack infects 500,000 pages

Sites may have been compromised through a "security issue" in Microsoft's Web server software

Attacks on legitimate Web domains, including some belonging to the United Nations that began earlier this week, have expanded dramatically, security researchers said Friday, with hundreds of thousands of pages hacked by Friday.

One anti-virus vendor said the sites might have been compromised through a "security issue" in Microsoft's Web server software that has been reported to Microsoft's engineers.

Last week, several security companies, including California-based Websense, said large numbers of legitimate sites, including URLs for the U.N., had been hacked and were serving up malware. These latest site compromises were only the most recent SQL injection attacks, however; similar attacks have been launched since the first of the year, and were last detected in large numbers in March.

Earlier in the week, Dan Hubbard, Websense's vice president of security research, estimated the number of hacked sites in the low six figures. By today, that number had soared as firms such as Panda Security pegged the number at 282,000, and F-Secure said its infected-page count was above half a million.

Ryan Sherstobitoff, a corporate evangelist for Panda, said his company had reported a problem with Internet Information Services (ISS) to Microsoft that was probably responsible for the hacks. "We reported a security issue, but I don't have any specific details on whether it's a vulnerability," Sherstobitoff said.

"It's not like this is a brand-new problem," he said, referring to legitimate site compromises. "But Microsoft has already issued a security advisory that said they are investigating public reports of problems with IIS. This seems to be related to that advisory."

That advisory was published April 17, and warned users of a bug in most versions of Windows that could be exploited through custom Web applications running in IIS. It could also be exploited via SQL Server, Microsoft said.

On Friday, Microsoft said it did not know whether the ongoing site attacks were linked to the bug described in the April 17 advisory. "We have not yet determined whether or not these reports are related to Microsoft Security Advisory 951306 released last week," a company spokesman said in an e-mail.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments





Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?