IIS Malware

The first ESET Research podcast episode dives deeper into the previously unexplored waters of malware targeting Internet Information Services (IIS), Microsoft's web server software for Windows with an extensible, modular architecture.  Threat actors misused IIS to intercept or modify network traffic already back in 2013 and in 2021 IIS backdoors are being deployed by both cybercriminals and APT groups. ESET research breaks down the anatomy of native IIS malware, extracts its common features and documents real-world ...

The first ESET Research podcast episode dives deeper into the previously unexplored waters of malware targeting Internet Information Services (IIS), Microsoft's web server software for Windows with an extensible, modular architecture. 

Threat actors misused IIS to intercept or modify network traffic already back in 2013 and in 2021 IIS backdoors are being deployed by both cybercriminals and APT groups. ESET research breaks down the anatomy of native IIS malware, extracts its common features and documents real-world cases, supported by its full-internet scan for compromised servers.

ESET researchers discovered as many as 14 malware families being deployed in the wild ranging from traffic redirectors to backdoors. We cover curious schemes to boost third-party SEO by misusing compromised servers, and IIS proxies turning the servers into a part of C&C infrastructure but also mitigation techniques and a whole lot more.

Host: Aryeh Goretsky, ESET Distinguished Researcher

Guest: Zuzana Hromcová, ESET Malware Researcher

Read the whole story @WeLiveSecurity.com. 

White paper:

Anatomy of native IIS malware

Blogposts:

IIStealer: A server‑side threat to e‑commerce transactions

IISpy: A complex server‑side backdoor with anti‑forensic features

IISerpent: Malware‑driven SEO fraud as a service