Update: U.S. Army denies hacking
Attack used IIS vulnerability
A March 10 computer attack on a server run by the U.S. Army using the recently disclosed Microsoft Internet Information Server (IIS) vulnerability resulted in the complete compromise of that machine and may herald the advent of a new worm in the very near future, according to security company TruSecure.
The incident was an instance of a rare "zero day" attack, in which an as-yet unreported vulnerability is used to compromise a remote system, TruSecure said.
The targeted server was a publicly addressable IIS server managed by the Army, but was not part of the Army's Web site infrastructure nor was the server performing any important functions or storing sensitive information, according to Russ Cooper, Surgeon General of TruSecure.
"It was a totally useless Web server doing nothing whatsoever," Cooper said.
The Army denied that any of its systems had been attacked.
"To the best of our knowledge, an Army system was not attacked," said Colonel Ted Dmuchowski, director of information assurance in the Army's Network Technology Enterprise Command, in a prepared statement.
"According to our records, the military sites that were attacked did not belong to the Army,"
The Army was aware of the IIS vulnerability, however, and was taking steps to patch all of its affected networks, Dmuchowski said.
The Herndon,
Microsoft released a critical patch for the buffer overflow vulnerability on Monday, warning that it was already aware of exploits using the vulnerability. The
The flaw exists in a Windows 2000 component that is used to handle the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol.
WebDAV is a set of extensions to HTTP (Hypertext Transfer Protocol) that allows users to edit and manage files on remote Web servers. The protocol is designed to create interoperable, collaborative applications that facilitate geographically dispersed "virtual" software development teams.









