FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins
2021-04-14 02:26

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday.

"Although many infected system owners successfully removed the web shells from thousands of computers, others appeared unable to do so, and hundreds of such web shells persisted unmitigated," the Justice Department noted in an announcement.

The FBI deleted the shells by issuing a command through the web shell to the server, "which was designed to cause the server to delete only the web shell," it said.

The FBI said it will try to send emails to the operators of all the servers it discovered the web shells on, advising them how to patch their equipment.

"Today's court-authorized removal of the malicious web shells demonstrates the Department's commitment to disrupt hacking activity using all of our legal tools, not just prosecutions," said assistant attorney general John Demers from the Justice Department's National Security Division.

"This court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable computers shows our commitment to use any viable resource to fight cyber criminals," she said.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 724 797 4669 4670 3646 13782