Script kiddies target Microsoft IIS

Hot on the heels of Microsoft's announcement that there is a serious vulnerability inherent in its IIS 5 web server software, a tool which allows script kiddies to easily exploit the flaw is circulating on the internet.

A hacker going by the name of Dark Spyrit released the code shortly after Microsoft released its advisory that due to an error in the Internet Printing Protocol extension, a malicious user could exploit a buffer overflow and take full control of a web server running IIS 5.

The code, known only as jill.c, is a C script that requires little technical knowledge to exploit the vulnerability.

The jill.c code sneaks malicious code past firewalls by disguising the data so it looks like it's coming from a web server. Because web traffic is considered essential as well as typical traffic, the firewall does not block it and allows a connection on any port.

The code automatically exploits the glitch in the internet printing Internet Services Application Programming Interface (ISAPI) and then returns a command prompt to the hacker, giving him administrator level access.

Because of its automated nature, the jill script could be used by a script kiddie with little technical know-how to hijack a server.

Administrators who have already applied the patch need not worry about this tool, but Microsoft is strongly advising those who have not patched their servers to do so immediately.

The patch and more information can be found here.