December 11

Malicious DLL Discovered by Security Experts

The SpiderLabs team at Trustwave, a security provider, reported that a malicious DLL installed as a Microsoft IIS module has been showing up online and is currently undetectable by most anti-virus tools, according to an article published on the Web Host Industry Review web site.

Josh Grunzweig of SpiderLabs advised that malicious software of this type (known as “ISN”) is “used by attackers to target sensitive information in POST requests, and it has mechanisms for unauthorized data retrieval from the affected server”, according to the article.

“ISN is able to circumvent encryption because it extracts this data from IIS itself”, the article continues.

The article states that this process has been observed before and is a familiar tactic, according to SpiderLabs. They have seen it used on e-commerce sites to target credit card data, but they also predict that it could be used to steal login credentials or private information “sent to a compromised IIS instance”, as the article confirms. Grunzweig suggests, as quoted in the article, “No anti-virus software can detect IIS modules dropped by this malware. But ISN’s installer could potentially be detected through ‘general heuristic detection’ which looks for and flags suspicious activities such as the transfer of data to another server.”

Grunzweig adds, “the extremely low detection rate in collaboration with the malware’s targeted functionality makes this a very real threat”, according to the article. He feels that this threat is “one for which web hosts should be prepared.”
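Because the threat described above is a DLL registered as an IIS module, one check a web host can run is to list the registered native modules and review any that load from outside the stock IIS directory. The sketch below is an added example, not code from the article or from SpiderLabs; it assumes the standard `<globalModules>` section of `applicationHost.config`, and the sample configuration, module names and paths in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <globalModules> section of applicationHost.config.
# The last two entries are placeholders, not indicators taken from the article.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleUnknownModule" image="C:\Windows\Temp\example_placeholder.dll" />
      <add name="TraversalModule" image="%WINDIR%\system32\inetsrv\..\..\Temp\x.dll" />
    </globalModules>
  </system.webServer>
</configuration>"""

# Assumption: stock native modules live under these directories. Extend the
# tuple for add-on modules you installed deliberately from other locations.
EXPECTED_DIRS = (r"%windir%\system32\inetsrv", r"%systemroot%\system32\inetsrv")

def normalize(path):
    """Lower-case, unify separators, and resolve '.'/'..' without touching disk."""
    parts = []
    for part in path.lower().replace("/", "\\").split("\\"):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()
        else:
            parts.append(part)
    return "\\".join(parts)

def modules_to_review(config_xml, expected_dirs=EXPECTED_DIRS):
    """Return (name, image) for every native module outside the expected dirs."""
    allowed = tuple(normalize(d) + "\\" for d in expected_dirs)
    flagged = []
    for section in ET.fromstring(config_xml).iter("globalModules"):
        for add in section.findall("add"):
            image = add.get("image", "")
            if not normalize(image).startswith(allowed):
                flagged.append((add.get("name"), image))
    return flagged

if __name__ == "__main__":
    for name, image in modules_to_review(SAMPLE_CONFIG):
        print(f"review: {name} -> {image}")
```

A flagged entry is a candidate for manual review (file signature, install date, change records), not a verdict, since legitimate add-on modules can install outside the stock directory.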

Read more about this threat and learn about what industry experts are saying here in the original article at the Web Host Industry Review web site.
