Information Security News
mailing list archives
Attackers use ColdFusion flaw to install Microsoft IIS malware
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 17 Dec 2013 08:49:36 +0000 (UTC)
By Lucian Constantin
IDG News Service
December 16, 2013
Attackers exploited a vulnerability in Adobe ColdFusion to install
data-stealing malware that works as a module for Microsoft's Internet
Information Services (IIS) Web server software.
Researchers from security firm Trustwave recently reported they've
identified IIS (Internet Information Server) Web servers infected with
malicious IIS modules designed to steal information submitted by users on
websites hosted on those servers.
The modules are rogue DLL (dynamic link library) files and were installed
by a malware program the Trustwave researchers dubbed ISN that infects
both 32-bit and 64-bit versions of IIS6 and IIS7+.
ISN detects the IIS version and installs the corresponding DLL module,
which then monitors POST requests -- data submissions -- to specific URLs
and saves the information to a log file.
Find the best InfoSec talent without breaking your
IT recruiting budget! Save 50 percent off our normal
rate by using the discount code - XMAS2013
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
- Attackers use ColdFusion flaw to install Microsoft IIS malware InfoSec News (Dec 17)