The SpiderLabs team at Trustwave, a security provider, reported that a malicious DLL installed as a Microsoft IIS module has been showing up online, and it is currently undetectable by most anti-virus tools, according to an article published on the Web Host Industry Review website.
Josh Grunzweig of SpiderLabs advised that malicious software of this type (known as "ISN") is "_used by attackers to target sensitive information in POST requests, and it has mechanisms for unauthorized data retrieval from the affected server_," according to the article.
"_ISN is able to circumvent encryption because it extracts this data from IIS itself_," the article continues.
The article states that this process has been observed before and is a familiar tactic, according to SpiderLabs. They have seen this used on e-commerce sites to target credit card data, but they also predict that it could be used to steal login credentials or private information "sent to a compromised IIS instance," as the article confirms. Grunzweig suggests, as quoted in the article, "No anti-virus software can detect IIS modules dropped by this malware. But ISN's installer could potentially be detected through 'general heuristic detection' which looks for and flags suspicious activities such as the transfer of data to another server."
Grunzweig adds, "the extremely low detection rate in collaboration with the malware's targeted functionality makes this a very real threat," according to the article. He feels that this threat is "one for which web hosts should be prepared."
Written by Bryon Turcotte / December 11, 2013
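
Because the threat described above is a DLL registered as an IIS module that anti-virus tools miss, one practical check for a web host is to compare each server's registered native modules against a known-good baseline. The following is an added example, not code from the article or from SpiderLabs; it assumes the module list comes from the `<globalModules>` section of IIS's `applicationHost.config`, and the sample configurations, the `ExampleModule` entry and the changed path are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption: stock IIS native modules are registered from these directories.
STOCK_DIRS = {r"%windir%\system32\inetsrv", r"%systemroot%\system32\inetsrv",
              r"c:\windows\system32\inetsrv"}

def norm(path):
    """Case-fold and normalise separators so path comparisons are stable."""
    return ntpath.normpath(path.strip().replace("/", "\\")).lower()

def load_modules(config_xml):
    """Return {module name: normalised image path} from <globalModules>."""
    root = ET.fromstring(config_xml)
    return {add.get("name", ""): norm(add.get("image", ""))
            for gm in root.iter("globalModules") for add in gm.findall("add")}

def audit(current_xml, baseline_xml):
    """Flag native modules that differ from a known-good baseline."""
    baseline = load_modules(baseline_xml)
    findings = {}
    for name, image in load_modules(current_xml).items():
        reasons = []
        if name not in baseline:
            reasons.append("not in baseline")
        elif baseline[name] != image:
            reasons.append("image path changed")
        if ntpath.dirname(image) not in STOCK_DIRS:
            reasons.append("outside inetsrv")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample data: a clean baseline and a server that has drifted.
BASELINE = r"""<configuration><system.webServer><globalModules>
  <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
  <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
</globalModules></system.webServer></configuration>"""

CURRENT = r"""<configuration><system.webServer><globalModules>
  <add name="StaticFileModule" image="%windir%\system32\inetsrv\static.dll" />
  <add name="HttpLoggingModule" image="C:\Windows\Temp\loghttp.dll" />
  <add name="ExampleModule" image="%windir%\System32\inetsrv\example.dll" />
</globalModules></system.webServer></configuration>"""

if __name__ == "__main__":
    for module, reasons in audit(CURRENT, BASELINE).items():
        print(f"{module}: {', '.join(reasons)}")
```

A DLL swapped in place keeps its registered path, so this comparison should be paired with a file-hash or code-signature check of each listed image.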