
The Cyber Security News


Frebniis Malware Exploits Microsoft IIS Feature

February 20, 2023

Cybersecurity researchers have discovered new malware that abuses a legitimate feature of Microsoft’s Internet Information Services (IIS) to install a backdoor on targeted systems.

According to an advisory published last Thursday by Symantec, the malware, dubbed “Frebniis,” was used by a previously unknown threat actor against targets in Taiwan.

“The strategy employed by Frebniis entails injecting malicious code into the memory of a [dynamic link library] DLL file […] related to an IIS function utilized to troubleshoot and review unsuccessful web site requests,” reads the technical write-up.


At a basic level, IIS is a web server that runs on Windows systems and serves requested HTML web pages or files. These servers accept requests from remote client computers and then return the appropriate response.

“IIS has a characteristic recognised as Failed Request Event Buffering (FREB) that collects information and specifics about requests, such as originating IP address and port, HTTP headers with cookies, etc.,” explained the Symantec team.

According to the security researchers, abusing this feature enabled the malware to stealthily monitor all HTTP requests while also instantly recognizing specially formatted HTTP requests sent by the attacker.

“These requests enable remote code execution [RCE] and proxying to internal systems in a stealthy way,” reads the advisory. “No files or suspicious processes will be running on the system, making Frebniis a rather unique and rare kind of HTTP backdoor seen in the wild.”

The Symantec team clarified that to use this technique, an attacker would first need to gain access to the Windows system running the IIS server by some other means. In the attack described in the advisory, the security researchers wrote that it was unclear how this access was achieved.

This is not the first time Microsoft’s IIS has been used for malicious purposes. Back in 2020, the tech giant patched their servers after an increase in this type of attack.

More recently, Microsoft released patches for more than 70 CVEs, including three zero-day vulnerabilities.


Some elements of this post are sourced from:
www.infosecurity-journal.com
