“Tens of Thousands of [Microsoft IIS] Sites” Are Being Compromised

Dr. Roy Schestowitz

2010-06-15 07:29:12 UTC
Modified: 2010-06-15 07:29:12 UTC

Summary: Another live example of Microsoft 'security' at work; debunking the latest Linux lies from Ed Bott

"SECURITY through obscurity" sounds like a good idea in theory. As we recently found out (and had confirmed by Microsoft), part of this obscurity is lack of disclosure. Microsoft is silently patching flaws that it never discloses, which is dishonest if not fraudulent when Microsoft issues security reports based on such oversight.

According to this new article, "tens of thousands of sites" running Microsoft's software are paying the price for having 'secret' vulnerabilities:

There's a large-scale attack underway that is targeting Web servers running Microsoft's IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there's no clear indication of who's behind the campaign right now.

The attack, which researchers first noticed earlier this week, already has affected a few high-profile sites, including those belonging to The Wall Street Journal and The Jerusalem Post. Some analyses of the IIS attack suggest that it is directed at a third-party ad management script found on these sites.

This must be the latest example of why nobody gets fired for avoiding Microsoft.

Speaking of Windows security, "Juniper Networks Protects Customers From New Microsoft Vulnerabilities" after Juniper became filled with Microsoft managers [1, 2, 3]. It's just something to bear in mind.

There is some bad FUD about Linux security at the moment (coming primarily from Ed Bott). SJVN has already responded to this FUD:

Here's what really happened. UnrealIRCd, a rather obscure open-source IRC (Internet Relay Chat) server, wasn't so much hacked as the program it was letting people download has been replaced by one with a built-in security hole. Or, as they explained on their site,

Microsoft boosters like Bott have been desperate to show that GNU/Linux is not more secure than Windows. As companies like Google dump Windows for security reasons, Microsoft will carry on with this FUD campaign but rely on peripherals/extensions (like Bott) to do the attacks]. That's just how Microsoft operates when it needs FUD. See the "smoking gun" below. ⬆

"As discussed in our PR meeting this morning. David & I have spoken with Maureen O'Gara (based on go ahead from BrianV) and planted the story. She has agreed to not attribute the story to us....

"[...] Inform Maureen O' Gara (Senior Editor Client Server News/LinuxGram) or John Markoff (NYT) of announcement on Aug 28, 2000. Owner dougmil (Approval received from BrianV to proceed)

"Contact Eric Raymond, Tim O'Reilly or Bruce Perrins to solicit support for this going against the objectives of the Open Source movement. Owner: dougmil [Doug Miller]. Note that I will not be doing this. Maureen O'Gara said she was going to call them so it looks better coming from her."

Microsoft uses reporters as attackers

What Ruben Amorim and Stefano Maffulli Have in Common: Censors Wikipedia and Social Control Media
Microsoft Won't Cooperate in Trying to Tackle EPO Corruption (Microsoft Profits From This Corruption): Use something like BigBlueButton, Jami, Ring, and Jitsi instead
We Are Sad to Hear the Story of Jonathan Riddell, Champion of KDE and GNU/Linux on Desktops/Laptops: I have enormous respect for Jonathan and everything he has done
Geminispace Growing at Pace of Over 10% Per Year: Contrary to what some pessimists try to claim
Linux Mint Forums Today: Disable 'Secure Boot', It Doesn't Improve Security, It's Just a Microsoft Obstacle to GNU/Linux Users: They also mention MOK
Solved Less Than an Hour Ago: Trying to Escape Windows, 'Secure Boot' Gets in the Way: 'Secure Boot' wasn't meant to even exist in the first place
Stefano Maffulli, Executive Director of the Open Source Initiative, Resigns or Gets Removed (We'll Continue Covering OSI Scandals): A dozen mentions of "AI", not much about "Open Source"
Andy Has Just Nailed It (Regarding Complexity and Failure, a la UEFI): The users no longer own or control what they buy
Compatibility Support Module (CSM) Versus GNU/Linux Simplicity: what Andy recently called "solutionism"
Links 15/09/2025: "Postal Traffic to US Down by Over 80%" and 'Smart' Spinozacampus Laundry Room Goes AWOL: Links for the day
Gemini Links 15/09/2025: Dungeon Hustle and Deleting Oneself From the Net: Links for the day
Breach of EPO's Duty of Care or Cigna Reimbursement Issues: This is the sort of thing that motivated Luigi Mangione to assassinate a CEO
Ask Ubuntu About "Secure Boot" Violation and Laptops That Don't Boot GNU/Linux: Does anyone still believe that "Secure Boot" has anything at all to do with security?
Talking About the Problem vs Talking to the Problem: Wanting an audience is never a good excuse for compromising one's values and principles
Focusing on Patents: The reason we cover the EPO so much is that it's close to home
"Secure Boot Violation": The 'Joys' of Fake Security Gone Wrong: Not everyone reboots every day
Links 15/09/2025: Russia Invades Romanian Airspace, Penske Media Sues Google Over LLM Slop: Links for the day
Links 15/09/2025: Bitcoin ATMs Scam and "Conservative Cryptography" (Backdoors Fantasies): Links for the day
EPO Imitates Microsoft: "Three Days or More Per Week" Inside the Office to Get a Desk to Work on; "the Office Breaches Its Promise Towards Staff and Acts in Breach of Its Duty of Care": The EPO serves no actual function in Europe
Links 15/09/2025: Political Affairs, Censorship, and Copyrights: Links for the day
Gemini Links 15/09/2025: Music Genres, Invisible Networks, and Akademy 2025: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, September 14, 2025: IRC logs for Sunday, September 14, 2025
Satya's Plan B: Try to Hide the Massive Extent/Scale/Scope of Microsoft Layoffs: fewer people buy Microsoft
Red Hat News About De Facto Mass Layoffs (Bluewashing) Gone From Reddit (Censored by Gatekeepers), Still Online in The Register: With RTOs, PIPs, relocation etc. expect IBM to "shed off" many Red Hatters
UEFI "Secure Boot Doesn’t Play Nice at the Moment": UEFI "Secure Boot" does not improve security. It's an artificial obstacle in service of monopoly.
Gemini Links 14/09/2025: ROOPHLOCH, Music, and Reddit: Links for the day
If You Want to "make your 'Windows PC' lean, mean, and fast" You Will Install GNU/Linux or Some BSD: That kind of article says a lot about IDG
Slopwatch: Google News Infested With Slop (About Half of the Results for "Linux" Today): This is the sort of junk one finds when looking for "Linux" in Google News these days
Links 14/09/2025: Ricky Hatton Dies and McDonald's Declares War on Tipping Culture: Links for the day
Links 14/09/2025: Disasters for CEOs Obsessed With Slop and Slop Companies School Like Fish: Links for the day
"Bad Shim Signature" (Microsoft 'Secure' Boot): "Fresh install not booting"
What Microsoft Garrett and Microsoft Lunduke Have in Common: Similar tactics, different "wings"
Links 14/09/2025: US "Economy Sagging", "Michigan Economy Wobbles From Tariffs": Links for the day
Gemini Links 14/09/2025: Minimalist Snippet Manager and Omarchy Linux: Links for the day
The Face of the Digital Far Right: Microsoft Lunduke: Microsoft Lunduke is an online extremist that belongs to and panders to the far right
20 Years Later and Academia Isn't the Same: "I never dreamed of being a professor"
'Cancel Culture' by the Right: Microsoft Lunduke Contacts People's Employers Trying to Get Them Fired: Microsoft Lunduke panders to extremists online
"Bad Shim Signature"; So 'Secure' That It Overrides Users' Preferences and Turns Itself Back on (Coercive Measure): This was a few hours ago
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, September 13, 2025: IRC logs for Saturday, September 13, 2025
Microsoft is Rapidly Dropped From Web Servers, Shows Survey: Microsoft lost about 8% "market share" in just 3 months
Many GNU/Linux Users Report MOK (Machine Owner Key) Issues in Recent Days: many people don't report this online and never post in Reddit
We Covered UEFI 'Secure Boot' Scandals. The World Listened.: To hell with UEFI 'secure boot'
Links 13/09/2025: Escalations in East Europe and POTUS’ Health Cover-Up: Links for the day
Gemini Links 13/09/2025: Lagrange Turns 5 and Lagrange 1.19.2 Released: Links for the day
Microsoft Inside Your Linux: "Security vulnerability that allowed an attacker to bypass UEFI Secure Boot.": 2 hours ago
A New Low for "Linux Journal": Promoting MICROSOFT WINDOWS Using LLM Slop: They've just jumped the shark entirely
Fake News With Fake Numbers About Microsoft: "This is what happens when the world's economy is governed by sick old men"
Slopwatch: "Google News" is Fast Becoming a Mashup of Slopfarms, Linux Journal ("LJ") is a Dump of LLM Slop: Well done, Google News. Google itself can flourish as a slopfarm mashup.
Torturing Users Who Just Want to Run GNU/Linux on Their Own PC: "Linux does not want to install"
The Register MS Still Takes Money to Hype Up "AI" in Articles by Microsoft Resellers With the Term "AI" 30+ Times in Them: Notice how many times they mention "AI"
The Apache Logo News is VERY Old, Racists and 'Anti-Woke' Bigots Look for Something to Incite Other Bigots With: Nothing to see here, move along
Linux Mint 9/11: "4th One Today..." (in Reddit): Remember that not everyone having an issue reports it to social control media like Reddit
Nepal Will Fall Without a Single Shot Fired, Thanks to Social Control Media: Or very few shots (by the authorities)
European Corruption in the European Patent Office (EPO) Targets Culture: "In reality, the project includes a new “legal instrument” shifting administrative burden and liability on EPO staff while creating new uncertainty and externalising Amicale activities."
European Authorities, Already Bribed and Infiltrated by Microsoft, Won't Help You Find BigBlueButton, Jami, Ring, and Jitsi: Because they're paid by Microsoft and are Microsoft 'addicts' themselves
UEFI Secure Boot Failing, as Expected for Nearly 15 Years Already (Techrights Said This Since 2012): in the media
Debian 9/11: people report this issue
Gemini and Web Links 13/09/2025: MElon's Slop Grift and "Autonomous Trains": Links for the day
Moving From Content Management Systems (CMSs) to Static Site Generators (SSGs) Saves You Time, Makes You a Lot More Productive: try to reduce the cost (financial and computational) of running your site
Pursuing Peace Through Violence: You cannot "see" a person's mind, until the mouth opens
Leak: European Patent Office (EPO) is Now Attacking Amicale Clubs: corruption has become the norm and scientists are robbed of any dignity
Can We Please Stop Celebrating Shooters?: "An important point to hammer on is that CoCs were never intended for uniform or symmetric application"
Oracle Fraud (or Defrauding Shareholders): "the obvious [lie] is that watts are (wasted) electricity [and] and FLOPS are computing capacity"
Geminispace is Growing Faster in 2025 Than It Did in 2024: What matters is that corporations haven't ruined it and LLM slop is extremely rare
Links 13/09/2025: China Punishes for 'Negative' Posts, US Police Unable to Find Shooter: Links for the day
Who's the Mystery Financier of SLAPP Against Techrights and Is That a Millionaire/Billionaire?: Whose idea was it to fund meritless lawsuits against my wife and I?
Slopwatch: Slow Slop Day: This distracts from or may take traffic away from the original articles, actually written by actual people
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, September 12, 2025: IRC logs for Friday, September 12, 2025

“Tens of Thousands of [Microsoft IIS] Sites” Are Being Compromised

Recent Techrights' Posts