April 28, 2008 – (HOSTSEARCH.COM) – A hack attack reported only last week by Panda Security (http://www.pandalabs.com) as breaching the security of around 280,000 web pages, has now impacted around 500,000 web pages, a number of sources have suggested.
Reports suggest sites affected by the attack include United Nations websites. The attack leaves malware on sites through SQL injection allowed by a problem with Internet Information Services (ISS). According to Panda, the problem has been reported to Microsoft.
"It's not like this is a brand-new problem," Ryan Sherstobitoff of Panda was reported as saying. "But Microsoft has already issued a security advisory that said they are investigating public reports of problems with IIS. This seems to be related to that advisory." This was, however, disputed by Microsoft.
"Microsoft is currently aware of and is reviewing reports regarding public claims of attacks on IIS web servers," Bill Sisk of the Microsoft Security Response Center was reported as saying. "While we have not been contacted directly regarding these reports, we will continue to monitor all reports either publicly shared or responsibly disclosed and investigate once sufficient details are provided."
Visitors coming to a compromised page are redirected to a page hosted on the hacker’s server. Multiple-strike attack kits are downloaded onto visitors’ PCs and eight exploits initiated, one of which hijacks the PC’s system.
