Malicious Exchange Server Module Hoovers Up Outlook Credentials – Threatpost

Malicious Exchange Server Module Hoovers Up Outlook Credentials – Threatpost

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA).

Internet Information Services (IIS),  Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are known as modules.

Like plugins for WordPress or Chrome extensions, IIS modules offer an attractive way to side-load malicious features into web-facing applications. In this case, Owowa infects Exchange servers, exposing Exchange’s OWA function. Beyond credential theft, it allows remote…


Source link

About hosting

Check Also

Marcia Clark, "Informants: Lawyer X" Leads Wondery Exhibit C Lineup – Bleeding Cool

Posted in: Audio Dramas, TV | Tagged: marcia clark, wondery Wondery announced new shows for …

Leave a Reply

Your email address will not be published. Required fields are marked *