US-CERT warns of compromised web sites


US-CERT said Thursday that it was tracking malicious activity involving compromised web sites running Microsoft's Internet Information Services (IIS) 5.0 and possibly affecting users who visit the sites.

The compromised web sites append JavaScript to the bottom of web pages. When executed, the JavaScript tries to access a file hosted on another server, according to US-CERT.

"This file may contain malicious code that can affect the end user's system," the agency said in its advisory.

US-CERT said it is investigating the source of the attacks and the impact of the code that's downloaded to the users' systems.

The agency advised web server administrators running IIS 5.0 to ensure no unusual JavaScript is attached to the bottom of web pages from their servers.

Microsoft said it also is investigating the attacks. Web servers running Windows 2000 Server and IIS that don't have a patch that Microsoft issued in April may be compromised and try to infect the systems of Internet Explorer users, the company said.

The company advised users to make sure they've installed all critical Windows updates and to increase the security of their browser settings.

The web server attacks are "another example of why end users must exercise caution when JavaScrip is enabled in their web browser," US-CERT said.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.