Patches Aren't Enough. Did you know that credit card numbers and other personal data can easily be stolen from 1 out of every 8 e-commerce web sites (those running SSL) on a Microsoft IIS web server?
And did you know that just installing the most-recent patches from Microsoft won't solve the problem? That's because even after the Code Red II and sadmind/IIS worms are removed, they leave a file called root.exe, which "allows anyone on the internet to have commands on the machine executed with web server privileges, and can typically be used to set up logging of credit card information and other sensitive data on SSL servers. This has created a new class of ecommerce site which has been correctly patched for known server vulnerabilities, but have a live backdoor facility enabling attackers to continue to remain in control of the machine."
Netcraft found that 12% of all Microsoft IIS web servers are still vulnerable by virtue of having a root.exe file. [diveintomark]
If youre web site is hosted on an IIS server, installing patches isn't enough. Make sure your web-hosting service or sysadmins find and delete root.exe.
Posted Monday, September 10, 2001 10:08:29 AM