One in nine servers running Microsoft's IIS (Internet Information Services) has software installed on it that would allow attackers to take complete control of the system, according to a new survey by Web server information company Netcraft.
The survey, conducted last month, found that 11 per cent of all queried servers running IIS have the "root.exe" hacking program installed on them. That figure is up from the 8.5 per cent found in September. Netcraft sends a monthly automated query to servers to discover information such as what software runs the server, what average server uptime is and what security flaws are present in servers. The October survey drew data from 33.1 million Web sites.
IIS security has come under particular scrutiny in recent months as at least half a dozen serious security flaws in IIS have been discovered since January and two major Internet worms, Code Red and Nimda, have exploited those flaws to infect hundreds of thousands of IIS systems worldwide.
Although patches have been issued for all those security holes, not all vulnerable systems have had the patches applied, so both worms were able to cause substantial inconvenience and even forced some companies offline. A new Nimda worm appeared a fortnight ago, exploiting the same flaws as the first Nimda, which had evidently not been patched on many servers.
The presence of four other IIS security flaws rose from September to October, the survey found. The "Administration pages accessible" hole was present on 25 per cent of machines, up from 17 per cent in September; the "Sample pages and scripts" problem jumped from 17 per cent to 26 per cent of systems; the "Server paths revealed" flaw was found on 10 per cent of systems, up from 8.5 per cent; and 2.5 per cent of systems were vulnerable to the Code Red worm, up from zero the month before.
The survey also found that a number of Web sites had moved from using IIS to competitors' products. In October, more than 1500 sites moved from IIS to Zeus Technology's Web server and more than 1700 moved to Netscape Communications' server.