Security experts say they witnessed a worst-case scenario two weeks ago when Internet servers fell victim to a previously unknown flaw in Windows 2000 servers running Microsoft’s Internet Information Services 5.0 software. “It’s a zero-day attack,” says Russ Cooper, editor of security E-mail list NTBugtraq and surgeon general of security firm TruSecure Corp. Zero-day attacks, or attacks against software vulnerabilities not yet known by software vendors, are very rare, Cooper says. TruSecure says it gathered intelligence that a server operated by the U.S. Army was attacked twice; the Army did not confirm the attacks by press time. Full Story