New IE\IIS combo attack, shell.application
Straight_Man
Geeky, in my own wayNaples, FL Icrontian
The unhappy-making 
news is here, the link below is all I know about this one right now that can be put in simple words-- so far:
http://www.eweek.com/article2/0,1759,1620855,00.asp?kc=ewnws070804dtx1k0000599
However, some IIS servers were attacked in the last couple of days, and through an exploit of an ActiveX vuln other than just the Download.ject vuln, have infected client computers with trojans, keyloggers, etc, fed from those servers. News broke publicly LATE yesterday, thus yesterday's date on above link result. Neither eWeek nor this site, AFAIK, runs IIS server hosting ware at all. So far, only IIS servers and IE equipped client boxes are directly involved as victim boxes in this one.
news is here, the link below is all I know about this one right now that can be put in simple words-- so far:http://www.eweek.com/article2/0,1759,1620855,00.asp?kc=ewnws070804dtx1k0000599
However, some IIS servers were attacked in the last couple of days, and through an exploit of an ActiveX vuln other than just the Download.ject vuln, have infected client computers with trojans, keyloggers, etc, fed from those servers. News broke publicly LATE yesterday, thus yesterday's date on above link result. Neither eWeek nor this site, AFAIK, runs IIS server hosting ware at all. So far, only IIS servers and IE equipped client boxes are directly involved as victim boxes in this one.
0
Comments