Panda software, a developer of security systems and anti-virus software has raised the alarm regarding a massive cyber attack on vulnerable IIS Server based web pages. The malware once it gets in re-directs users to malicious sites from totally legitimate web sites. The infection grew from less than half a million infected servers to almost double that which is quite fast for a specific type of malware. Most developers who employ “code scrubbing”, which is removing information as it is saved into an SQL database are easy prey and are the intended target of the massive attack that is still taking place. An I frame is inserted to redirect users to malicious sites that can lead to identity thefts even with the users not knowing about it.
The attack is centered on Microsoft’s IIS web Server in particular ASP pages that have very strong ties to SQL databases. Panda and Fsecure have both identified the hidden code (“) that can be deep in their web pages and advises them to look for the string that re-directs people to other sites. Users and Site Administrators are advised to get all updates from Microsoft to remedy the problem and to halt the spread of this attack once and for all.
All this to bug people who use the web all over the world, in the never ending battle between hackers and those who are up to take them head on.