ESET Research discovers new IIS web server threats spy on …
(MENAFN-Mid-East.Info) Dubai, United Arab Emirates: ESET researchers have discovered a set of 10 previously undocumented malware families implemented as malicious extensions for Internet Information Services (IIS) web server software. Targeting both government mailboxes and e-commerce credit card transactions, while also facilitating the distribution of malware, this diverse class of threats operates by spying on and tampering with server communications. At least five IIS backdoors have been spreading via the exploitation of Microsoft Exchange mail servers in 2021, according to ESET telemetry and the results of additional internet-wide scans that ESET researchers performed to detect the presence of these backdoors.
Among the victims are governments in Southeast Asia and dozens of companies from various industries located mainly in Canada, Vietnam and India, but also in the United States, New Zealand, South Korea and other countries.
Today, ESET Research is releasing the “Anatomy of native IIS malware” white paper and launching a series of blog posts on the most notable threats recently discovered: IIStealer, IISpy and IISerpent. These will be published on WeLiveSecurity from today until August 11, 2021. The results of ESET’s IIS malware research were first presented at Black Hat USA 2021 and will also be shared with the community during the Virus Bulletin 2021 conference on October 8, 2021.
IIS malware is a diverse class of threats used for cybercrime, cyber espionage and SEO fraud, but in all cases its primary purpose is to intercept incoming HTTP requests to the compromised IIS server and affect how the server responds to (some of) these requests. “Internet Information Services web servers have been targeted by various malicious actors, both for cybercrime and cyberespionage. The software’s modular architecture, designed to provide extensibility for web developers, can be a useful tool for attackers,” says Zuzana Hromcová, ESET researcher and author of the paper.
ESET has identified five main modes in which IIS malware operates:
- IIS backdoors allow their operators to remotely control the compromised computer with IIS installed.
- IIS infostealers allow their operators to intercept regular traffic between the compromised server and its legitimate visitors and steal information such as login information and payment information.
- IIS injectors modify HTTP responses sent to legitimate visitors to serve malicious content.
- IIS proxies turn the compromised server into an unintentional part of the command and control infrastructure for another family of malware.
- SEO fraud IIS malware modifies the content served to search engines to manipulate SERP algorithms and improve the ranking of other websites of interest to the attackers.
“It’s still quite rare for security software to run on IIS servers, which makes it easy for attackers to operate undetected for long periods of time. This should be disturbing for all serious web portals that want to protect their visitors’ data, including authentication and payment information. Organizations using Outlook on the web should also be careful, as it relies on IIS and could be an attractive target for espionage,” says Hromcová.
ESET Research offers several recommendations that can help mitigate IIS malware attacks. These include using strong, unique passwords and multi-factor authentication for the administration of IIS servers; keeping the operating system up to date; using a web application firewall and an endpoint security solution on the server; and periodically checking the configuration of the IIS server to verify that all installed extensions are legitimate.
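The last recommendation, periodically checking which native extensions the server actually loads, is the one a defender can script. Native IIS modules are registered in the `<globalModules>` section of applicationHost.config (on a real server, `%windir%\System32\inetsrv\config\applicationHost.config`), and each entry names the DLL it loads. The following Python audit is an added example written for this page; it is not ESET's code and does not come from the white paper. It parses a constructed applicationHost.config fragment (the module names `CacheHelperModule` and `ContentFilterModule` and their DLL paths are invented for the example), flags any module whose DLL does not live in the standard `inetsrv` directory, and, when the reviewer supplies a baseline of module names taken from a known-good server, also flags names missing from that baseline.

```python
import re
import ntpath
import xml.etree.ElementTree as ET

# Directory in which Microsoft's own native IIS modules are installed.
INETSRV_DIR = r"%windir%\System32\inetsrv"

# Constructed applicationHost.config fragment for this example.
# loghttp.dll and defdoc.dll are genuine IIS modules; the other two
# entries are invented to show what an unexpected extension looks like.
SAMPLE_APPLICATION_HOST_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="CacheHelperModule" image="C:\inetpub\temp\cachehelper.dll" />
      <add name="ContentFilterModule" image="%windir%\System32\inetsrv\contentfilter.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""


def expand_windows_vars(path, env):
    """Expand %VAR% tokens with a caller-supplied mapping, so the audit can
    run offline on a copied config rather than depending on the live host."""
    def substitute(match):
        return env.get(match.group(1).lower(), match.group(0))
    return re.sub(r"%([^%]+)%", substitute, path)


def audit_global_modules(config_xml, baseline=None, env=None):
    """Return a list of findings for native modules that look out of place.

    Each finding is a dict with the module name, the raw image path from the
    config, and the reasons it was flagged. `baseline` is an optional set of
    module names recorded from a known-good server (assumed to exist; the
    page only says to verify that installed extensions are legitimate).
    """
    env = env or {"windir": r"C:\Windows"}
    expected_dir = ntpath.normcase(expand_windows_vars(INETSRV_DIR, env))
    root = ET.fromstring(config_xml)
    findings = []
    for entry in root.iterfind("./system.webServer/globalModules/add"):
        name = entry.get("name", "")
        image = entry.get("image", "")
        # Normalise case and separators the way Windows compares paths.
        resolved = ntpath.normcase(ntpath.normpath(expand_windows_vars(image, env)))
        reasons = []
        if ntpath.dirname(resolved) != expected_dir:
            reasons.append("image outside inetsrv")
        if baseline is not None and name not in baseline:
            reasons.append("module name not in baseline")
        if reasons:
            findings.append({"name": name, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    known_good = {"HttpLoggingModule", "DefaultDocumentModule"}
    for finding in audit_global_modules(SAMPLE_APPLICATION_HOST_CONFIG, known_good):
        print(f"{finding['name']}: {finding['image']} -> {', '.join(finding['reasons'])}")
```

The path check alone is not enough: a DLL dropped into `inetsrv` passes it, which is why `ContentFilterModule` in the sample is only caught by the baseline comparison. On a live server, follow up each flagged entry by checking the DLL's Authenticode signature and its creation time, and compare the result of this script against `<modules>` entries and site-level web.config files, since modules can also be enabled per site.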
About ESET:
For more than 30 years, ESET® has been developing cutting-edge IT security software and services to protect businesses, critical infrastructure and consumers around the world against increasingly sophisticated digital threats. From endpoint and mobile device security to endpoint detection and response, encryption and multi-factor authentication, ESET’s high-performance, easy-to-use solutions discreetly protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is supported by ESET’s R&D centers around the world, working in support of our common future.