Nerds On Site

Heads Up – A Fake Firefox Add-on and a Vulnerability in IIS

Spyware comes in many forms, and spyware writers are always looking for new ways to take advantage of the unwary. This one masquerades as a plugin for Firefox. This is not malware of the botnet or password-stealing variety, but is does capture search data – and that is definitely spying.
There are still quite a few websites running on IIS 6 and IIS 5, especially small company sites. There is a newly discovered flaw that has not yet been patched by MS, but for which there is exploit code available on the internet. The vulnerability is in the FTP code, so FTP anonymous access should be turned off if it is not needed (or FTP disabled completely). IIS 5 is definitely vulnerable, and later versions may also be vulnerable, although less so. Locking down the directly structure is another way to mitigate this risk, since the exploit requires the ability to create a directly.
There is not much we more can do at the moment, except be aware of it and keep an eye on any sites that we know are running on these versions of IIS. More details can be found here and here.
Dennis H in West Virginia, US
September 2, 2009

Leave a Comment

Your email address will not be published.

Scroll to Top