Hackers backdoor Microsoft IIS servers with new Frebniis malware (February 2023)
Hackers are deploying new malware named 'Frebniis' on Microsoft's Internet Information Services (IIS) that stealthily executes commands sent via web requests.
Microsoft IIS is web server software that also serves as a web app hosting platform for services like Outlook on the Web for Microsoft Exchange.
In the attacks seen by Symantec, the hackers abuse an IIS feature called 'Failed Request Event Buffering' (FREB), which is responsible for collecting request metadata.
The malware injects malicious code into a specific function of a DLL file that controls FREB, enabling the attacker to intercept and monitor all HTTP POST requests sent to the IIS server.
Advanced network traffic monitoring tools might also help detect unusual activity from malware like Frebniis.
In October 2022, Symantec discovered another piece of malware, used by the Cranefly hacking group, that abused IIS logs to send and receive commands from the C2 server without raising any alarms.