Microsoft security update: 'Limited' IIS server cyberattacks spotted

posted on Sep, 4 2009 @ 02:14 PM
Something weird was happening earlier today with my PC. I kept getting these fuzzy lines across my screen approximately every 5-10 minutes and couldn't work out what was causing it, until I pressed the 'Print Screen' button that is, and I noticed it happen again and again every time I pressed it, but for some reason it now seems to be fine and has now stopped doing it. Can anyone explain to me what that was?

I did a search on Google but couldn't find an explanation for the problem but found this report, that says:


Microsoft has updated a security bulletin about a flaw in older versions of Internet Information Services (IIS) due to "limited" attacks on the vulnerability occurring in the wild. Microsoft said a new proof of concept published allows for denial-of-service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service.

Source

Could that have anything to do with it?

Could it be because I use the older, flawed version of IIS? Could that be allowing screenshots to be taken and JPGs to be uploaded via FTP onto a remote server without my knowledge? Is that possible?

[edit on 4-9-2009 by ChemicalSubstance]




posted on Sep, 4 2009 @ 02:35 PM
If you are experiencing a situation where it appears that a Print Screen is being taken at regular intervals it sounds like you have a program running such as Autoscreenshot. Such tools are commonly used by Gamers, but I suppose someone could use something similar for Spyware (although Keystroke Loggers would be more reliably effective and easier to hide).

And yes, they could modify such a program to send images via FTP.

However, if you are running IIS & FTP Server without it being Firewalled, you could be vulnerable to the DDOS Proof-of-Concept Vulnerability in the link you provided, but what you are experiencing is not a DDOS Attack.

What I would do would be the following:

  1. CTRL+ALT+DEL to bring up your Task Manager. See if anything is running in the Processes Tab that shouldn't be (be sure to mark "Show processes from all users").
  2. Get a copy of Spybot Search & Destroy, update it after installing it, and then run it.
  3. Run an online Virus Scan. Many of the Spyware/Malware out there will disable your Virus Scanner although it appears to be working. For this reason every manufacturer offers free online Virus Scanning.
  4. If you are knowledgeable enough about Windows System Files and the Windows Registry, get HijackThis and run it. This will allow you to manually remove things that should not be running on your computer.
  5. Run a Port Monitor or Traffic Monitor (or use a Packet Sniffer). If packets are leaving or entering a Port that shouldn't, reroute that traffic in your HOSTS file to 127.0.0.1 (loop-back address) and then track down what is causing that traffic and stop it (you can get a basic list of open ports and communication by running "netstat -abvo").


[edit on 4-9-2009 by fraterormus]
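An added example, not part of the posts above: one way to triage the output of the netstat check in step 5 for the two things this thread worries about, an FTP service listening on a non-loopback address and an established outbound FTP session, each attributed to its owning process. The sample text is constructed, the layout (a `[name.exe]` line following each connection, as the `-b` switch prints) is an assumption, and `example-capture.exe` is a hypothetical process name.

```python
import re

# Constructed sample shaped like Windows "netstat -abo" output; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1480
  [inetinfo.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  [svchost.exe]
  TCP    192.168.1.10:1045      203.0.113.5:21         ESTABLISHED     2212
  [example-capture.exe]
  TCP    192.168.1.10:1050      198.51.100.7:80        ESTABLISHED     3020
  [firefox.exe]
  TCP    127.0.0.1:1060         127.0.0.1:21           ESTABLISHED     3100
  [ftp.exe]
"""

CONN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")   # owning executable, printed on its own line
FTP_PORTS = {20, 21}                      # FTP data and control ports
LOOPBACK = ("127.", "[::1]")

def parse(text):
    """Return one dict per TCP row, with the owning executable if one is listed."""
    conns = []
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            conns.append({"local": la, "lport": int(lp), "remote": ra,
                          "rport": int(rp), "state": state, "pid": int(pid), "exe": None})
        elif conns and conns[-1]["exe"] is None and (o := OWNER.match(line)):
            conns[-1]["exe"] = o.group(1)
    return conns

def ftp_findings(conns):
    """Flag exposed FTP listeners and established FTP sessions to non-loopback hosts."""
    out = []
    for c in conns:
        if c["state"] == "LISTENING" and c["lport"] == 21 and not c["local"].startswith(LOOPBACK):
            out.append(("ftp-listener", c["pid"], c["exe"], f'{c["local"]}:{c["lport"]}'))
        elif c["state"] == "ESTABLISHED" and c["rport"] in FTP_PORTS and not c["remote"].startswith(LOOPBACK):
            out.append(("outbound-ftp", c["pid"], c["exe"], f'{c["remote"]}:{c["rport"]}'))
    return out

if __name__ == "__main__":
    for finding in ftp_findings(parse(SAMPLE)):
        print(finding)
```

The PID in each finding can be matched against the PID column in Task Manager from step 1 to identify the process.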



 