[nsp-sec] webdev/iis worm rumblings

Smith, Donald Donald.Smith at qwest.com
Fri May 22 10:21:54 EDT 2009 

We are seeing the same type of activity reported via the sans handler's mailing list. "Defacements" they tend to be injections of malware or scareware if I recall correctly.



(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia   

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Matthew.Swaar at us-cert.gov
> Sent: Thursday, May 21, 2009 6:02 PM
> To: aaron at unitedlayer.com; nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] webdev/iis worm rumblings
> 
> ----------- nsp-security Confidential --------
> 
> 
> I've received some isolated reports of web defacements that were
> attributed to the IIS/Webdav issue, but nothing like what 
> you're asking
> about.
> 
> V/R,
> Matt Swaar
> US-CERT Analyst
> 
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of 
> Aaron Hughes
> Sent: Thursday, May 21, 2009 7:40 PM
> To: nsp-security NSP
> Subject: [nsp-sec] webdev/iis worm rumblings
> 
> ----------- nsp-security Confidential --------
> 
> I am hearing some rumblings about a distributed sequential IP attack
> _massive_ webdev/IIS worm. Anyone have any real data?
> 
> Cheers,
> Aaron
> 
> 
> -- 
> 
> Aaron Hughes
> Facility Security Officer
> +1-415-349-2128
> aaron at unitedlayer.com
> http://www.unitedlayer.com/
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
>

More information about the nsp-security mailing list