Protect your IIS Server from attack.

Recent articles, such as the article here and the SANS article here, report that a cyberattack is currently underway against vulnerable Internet Information Server (IIS)-hosted Web pages: the pages are altered so that visitors are redirected to a site hosting malicious code, and the number of affected sites is growing rapidly.

The attackers use search engines to find potentially vulnerable applications and then try to exploit them. The exploit consists of an SQL statement, delivered through an SQL injection flaw in the application, that appends a script tag to the database content behind every HTML page on the web site, so every page the site renders from that content carries the tag. More specifically, they appear to be injecting IFRAMEs into the vulnerable sites' databases, and those IFRAMEs load the malicious code.

The problem appears to be centered on IIS because the attackers are targeting Microsoft ASP pages that use SQL Server. Note, however, that what they exploit is SQL injection in the application code, not a vulnerability in IIS or SQL Server themselves.

To protect your web servers from these attacks, ensure that your web application code is not vulnerable to SQL injection, either by reviewing the code (every place a request value reaches a SQL statement should use a parameterized query or a stored procedure rather than string concatenation) or by using the Visual Studio-integrated security tools from VSIP Security Partners listed here.

The tools most likely to be of use to you are Fortify SCA, HP DevInspect, and Ounce Security Analyst. 

If you use Visual Studio Team System (VSTS) Team Foundation Server (TFS), consider tools that integrate with TFS so that source code scanning can be enforced by policy as part of check-in, as part of the build, or on a schedule.
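The code review recommended above comes down to one pattern: a request value pasted into SQL text is the hole, a typed parameter is the fix. The following classic ASP page is an added example written for this post, not code from the original article or from any of the tools named here. It shows the vulnerable form beside the hardened one; the table and column names (Articles, ArticleID, Title, Body), the connection string, and the assumption that Body holds site-authored HTML are all invented for the illustration, and the request shown in the comment is a constructed example of the kind of injected statement the post describes.

```vbscript
<%
' Added example (not from the original post): a classic ASP page that looks
' up an article by the "id" query-string value. The table Articles with
' columns ArticleID (int), Title, Body (HTML authored by the site) and the
' connection string below are assumptions made for this illustration.
Option Explicit

' ADO constants that would normally come from adovbs.inc
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=WebSite;Integrated Security=SSPI;"

' --- VULNERABLE: the request value is concatenated straight into SQL text.
' A constructed request of the shape
'   page.asp?id=1;UPDATE Articles SET Body=Body%2B'<iframe src=...></iframe>'--
' makes SQL Server run a second statement that appends an IFRAME to every
' row of Body, and every page that renders Body then carries it. This is
' the kind of injection the post describes.
Sub ShowArticleUnsafe()
    Dim rs
    Set rs = conn.Execute("SELECT Title, Body FROM Articles WHERE ArticleID = " & Request.QueryString("id"))
    If Not rs.EOF Then Response.Write rs("Body").Value
    rs.Close
End Sub

' --- HARDENED: the value is validated, then sent as a typed parameter.
' The database driver never sees it as SQL text, so a second statement
' cannot be smuggled in.
Sub ShowArticleSafe()
    Dim id, re, cmd, rs
    id = Request.QueryString("id")

    ' Reject anything that is not a plain whole number before it goes anywhere
    ' near the database (IsNumeric alone would also accept "1e5" or "&H10").
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If Not re.Test(id) Then
        Response.Status = "400 Bad Request"
        Response.Write "Invalid article id."
        Exit Sub
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Title, Body FROM Articles WHERE ArticleID = ?"
    cmd.Parameters.Append cmd.CreateParameter("@ArticleID", adInteger, adParamInput, , CLng(id))

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' Title is plain text, so encode it on output; Body is trusted site
        ' HTML by assumption, which is exactly why an injected IFRAME in it
        ' would be served to every visitor.
        Response.Write "<h1>" & Server.HTMLEncode(rs("Title").Value & "") & "</h1>"
        Response.Write rs("Body").Value
    Else
        Response.Status = "404 Not Found"
    End If
    rs.Close
End Sub

ShowArticleSafe
conn.Close
%>
```

The same substitution applies to ADO calls made from ASP.NET or from stored procedures built with dynamic SQL: anywhere a string from Request is joined to a query with &, replace it with a parameter. Input validation (the regular expression above) is a useful first gate, but the parameter is what actually removes the injection.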

The SANS article here also contains a list of online resources that explain how to check your applications and make sure they are not vulnerable.

It is also good practice to keep your web servers up to date with all patches, although patching alone will not protect you from SQL injection attacks that result from poorly written application code; that fix has to be made in the code itself.

Hope this helps

