Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
One in Nine IIS Servers Compromised, Survey Says
Organizations are lax at patching holes that allow Code Red and Nimda worms to slither in.
Sam Costello, IDG News Service
One in nine servers running Microsoft's Internet Information Server has software installed on it that would allow attackers to take complete control of the system, according to a new survey by Web server information firm Netcraft.
The survey, conducted in October, found that 11 percent of all queried servers running IIS have the "root.exe" hacking program installed on them. That figure is up from the 8.5 percent found in September. Netcraft sends a monthly automated query to servers to discover information such as what software runs the server, what average server uptime is and what security flaws are present in servers. The October survey drew data from 33.1 million Web sites.
IIS security has come under particular scrutiny in recent months as at least half a dozen serious security flaws in IIS have been discovered since January, and two major Internet worms, Code Red and Nimda, have exploited those flaws to infect hundreds of thousands of IIS systems worldwide. Microsoft's own Hotmail servers became infected with the Code Red worm. IIS is bundled with Windows 2000, and is set by default to be enabled.
Although patches have been issued for all those security holes, not all vulnerable systems have had the patches applied, so both worms were able to cause substantial inconvenience and even forced some companies offline. A new Nimda worm appeared last week, exploiting the same flaws as the first Nimda, which evidently had not been patched on many servers.
Holes Proliferate
The presence of four other IIS security flaws rose from September to October, the survey found. The "Administration pages accessible" hole was present on 25 percent of machines, up from 17 percent in September; the "Sample pages and scripts" problem jumped from 17 percent to 26 percent of systems; the "Server paths revealed" flaw was found on 10 percent of systems, up from 8.5 percent; and 2.5 percent of systems were vulnerable to the Code Red worm, up from zero the month before.
The survey also found that a number of Web sites had moved from using IIS to competitor's products. Over the course of the month, more than 1500 sites moved from IIS to Zeus Technology's Web server, and more than 1700 moved to Netscape Communications' server. Open-source server Apache also gained substantial market share, Netcraft said. Netcraft also noted that a number of vendors offered promotions and discounts to entice IIS users to their products.
Patches for the security holes in IIS can be obtained at Microsoft's site.
Microsoft Office Home and Student 2007
Laptop Showcase
Featured APC Accessories
-
APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
-
APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.
People who read this also read:
Best Prices on Antivirus Software
Norton Antivirus 2010 (Full Product, 1 User)Price: $17.90
Norton AntiVirus 2009 (Full Product)Price: $15.72
Norton Antivirus 2010 (Full Product, 1 User)Price: $16.95
Anti-virus 2010 (OEM Product, 1 User)Price: $17.95
Anti-Virus 2009 (Full Product)Price: $17.00
Norton Antivirus 2010 (Full Product, 3 Users)Price: $37.00
-
Acer Laptop Center Forget the Mouse...check out the next generation multi-gesture touch screen technology from Acer.
-
Dell Shopping Center Check out great deals from Dell!
