Putting some custom FREB code into your regular IIS connections
February 17, 2023 By Alfonso Maruccia
In context: Ever since the good old NT 3.51, released in 1995, Windows has included an extensible web server called Internet Information Services (IIS). Although not active by default, it can open the OS to external attacks like the one recently discovered by Symantec.
Backdoor.Frebniis, or simply Frebniis, is a stealthy new malware discovered by Symantec researchers that leverages a vulnerability in IIS to put a backdoor into Windows web servers. Unknown cyber-criminals have actively exploited targets in Taiwan. To infect a system, hackers first need access to an IIS server. Symantec analysts have yet to find out how the attackers gained initial access.