Experts have spotted a malware called Frebniis that abuses a feature of Microsoft IIS to deploy a backdoor and monitor all HTTP traffic to the system.
Broadcom Symantec researchers have spotted a new malware, dubbed Frebniis, that exploits Microsoft Internet Information Services (IIS) to deploy a backdoor and monitor all HTTP traffic to the infected system.
The malicious code was used in attacks against targets in Taiwan by a currently unknown hacker.
Frebniis works by injecting code into the memory of iisfreb.dll, which is used by the IIS Failed Request Event Buffer (FREB) feature to troubleshoot failed requests.
The IIS Failed Request Event Buffer (FREB) feature collects data and details about requests, such as HTTP headers with cookies, the originating IP address and port, etc.
Frebniis parses all requests for /logon.aspx or /default.aspx that carry a specific password parameter, allowing it to decode and run .NET code when a password match is found.
Experts noted that the malware does not save executable fil