Threat Analysts Identify an Incredibly Sneaky Windows Backdoor

 

Researchers have identified a sophisticated piece of malware that exploits a feature in Microsoft Internet Information Services (IIS) to secretly exfiltrate data and run malicious code on Windows devices.

IIS is a general-purpose web server that runs on Windows machines. As a web server, it accepts requests from remote clients and returns the appropriate response. According to network analytics company Netcraft, there were 51.6 million IIS instances scattered across 13.5 million distinct domains as of July 2021.

When a web request comes in from a remote client, IIS's Failed Request Event Buffering (FREB) functionality records metrics and additional information about it. Examples of the information that can be gathered include client IP addresses, port numbers, and HTTP headers with cookies. FREB extracts requests that satisfy specific requirements from a buffer and writes them to disk, assisting administrators in troubleshooting unsuccessful web requests. The approach can help isolate the root cause of 401 or 404 problems as well as stopped or abandoned requests.
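
The selection step described above can be modeled in a few lines of Python. This is an added example, not code from the article or from Microsoft: the configuration fragment and the site name are constructed, sub-status codes are ignored, and treating either a status-code match or an exceeded time threshold as sufficient to write a trace is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

# Constructed IIS configuration fragment (not taken from a real server).
SAMPLE = r"""<configuration>
  <system.applicationHost><sites>
    <site name="ExampleSite" id="1">
      <traceFailedRequestsLogging enabled="true"
        directory="%SystemDrive%\inetpub\logs\FailedReqLogFiles" />
    </site>
  </sites></system.applicationHost>
  <system.webServer><tracing><traceFailedRequests>
    <add path="*">
      <failureDefinitions statusCodes="401,404,500-599" timeTaken="00:00:10" />
    </add>
  </traceFailedRequests></tracing></system.webServer>
</configuration>"""
ROOT = ET.fromstring(SAMPLE)

def freb_sites(root):
    """Map each site name to (FREB enabled?, directory traces are written to)."""
    sites = {}
    for site in root.iter("site"):
        log = site.find("traceFailedRequestsLogging")
        enabled = log is not None and log.get("enabled", "false").lower() == "true"
        sites[site.get("name")] = (enabled, log.get("directory") if log is not None else None)
    return sites

def freb_rules(root):
    """Collect the failure definitions that decide which requests reach disk."""
    rules = []
    for add in root.findall(".//traceFailedRequests/add"):
        fd = add.find("failureDefinitions")
        if fd is not None:
            rules.append({"path": add.get("path"),
                          "statusCodes": fd.get("statusCodes", ""),
                          "timeTaken": fd.get("timeTaken")})
    return rules

def status_matches(spec, status):
    """Match a status against a list such as '401,404,500-599' (sub-status dropped)."""
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        low, high = int(lo.split(".")[0]), int((hi or lo).split(".")[0])
        if low <= status <= high:
            return True
    return False

def would_write(rule, status, elapsed_seconds):
    """Assumption: one satisfied condition is enough for the trace to be flushed."""
    slow = False
    if rule["timeTaken"]:
        h, m, s = (int(x) for x in rule["timeTaken"].split(":"))
        slow = elapsed_seconds >= h * 3600 + m * 60 + s
    return status_matches(rule["statusCodes"], status) or slow
```

Running `freb_sites` and `freb_rules` against a copy of a server's own configuration shows which sites have FREB enabled, where trace files land, and which requests qualify for them.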

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
