Australian Cybersecurity Magazine
ESET researchers have reported a set of 10 previously undocumented malware families, implemented as malicious extensions for Internet Information Services (IIS) web server software. This diverse class of threats targets government mailboxes and e-commerce credit card transactions and aids in malware distribution, operating by eavesdropping on and tampering with the server’s communications. At least five IIS backdoors have been spreading through exploitation of Microsoft Exchange email servers in 2021, according to ESET telemetry and the results of additional internet-wide scans that ESET researchers performed to detect the presence of these backdoors.
IIS malware is a diverse class of threats used for cybercrime, cyberespionage and SEO fraud — but in all cases, its main purpose is to intercept HTTP requests incoming to the compromised IIS server and affect how the server responds to (some of) these requests. “Internet Information Services web servers have been targeted
The post New IIS web server threats eavesdropping on governments and targeting e-commerce transactions was originally published at Australian Cybersecurity Magazine.