IIS 6 Servers infected with Downadup/Conflicker worm

Paul Cociuba, from the IIS and ASP.net Support Team, revealed the symptoms that would clue in administrators that IIS 6 has been compromised with Conflicker (Downadup) malware. “You start your browser to connect to the ASP.net application but all you receive once you navigate to its address is a 'Service Unavailable' message in your browser. […]

Paul Cociuba, from the IIS and ASP.net Support Team, revealed the symptoms that would clue in administrators that IIS 6 has been compromised with Conflicker (Downadup) malware.

“You start your browser to connect to the ASP.net application but all you receive once you navigate to its address is a 'Service Unavailable' message in your browser. Upon investigation of your Event Viewer Application log, you notice that there are lots of errors logged by ASP.net 2.0 telling you that the Application Domain could not be created,” Cociuba stated. “You start your browser and when you open the page of your ASP.net application you have a message that informs you that the application could not connect to the 'Out Of Process State Server' in ASP.net. Upon investigation you note that the aspnet_state.exe process that hosts the 'Out Of Process State Server' is running and nothing has changed in the configuration of your IIS 6 server.”[…]

Full Article