Malicious Exchange Server Module Hoovers Up Outlook Credentials – Threatpost

hosting December 15, 2021 Web Shared Hosting News Leave a comment 24 Views

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA).

Internet Information Services (IIS),  Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are known as modules.

Like plugins for WordPress or Chrome extensions, IIS modules offer an attractive way to side-load malicious features into web-facing applications. In this case, Owowa infects Exchange servers, exposing Exchange’s OWA function. Beyond credential theft, it allows remote…


Source link

Tags

About hosting

Check Also

ScalaHosting Review: The Best High-performance Host for Your Website?

ScalaHosting Review: The Best High-performance Host for Your Website?

As a website manager and digital marketer, I’ve had to evaluate diverse hosting providers to …

Leave a Reply

Your email address will not be published. Required fields are marked *