Malicious Exchange Server Module Hoovers Up Outlook Credentials

103
Malicious Exchange Server Module Hoovers Up Outlook Credentials

Researchers have discovered a previously unknown dangerous IIS module, called Owowa that steals information when users log in to Microsoft Outlook Web Access (OWA).

“Owowa” is stealthily lurking on IIS servers, waiting to harvest successful login when Outlook Web Access (OWA) authentication application.

Internet Information Services (IIS), Microsoft web server / web hosting software, can be expanded using various add-ons known as modules.

Like WordPress plugins or Chrome extensions, IIS modules provide an attractive way to exclude malicious features from web-based applications. In this case, Owowa infects Exchange servers, exposing the OWA Exchange function. Without data theft, it allows remote attackers to run commands on a sub-server and gain access to a wide network, alerts researchers.

Read More: Threatpost

For more such updates follow us on Google News ITsecuritywire News