Tag Archives: Hoovers

Malicious Exchange Server Module Hoovers Up Outlook Credentials – Threatpost

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access (OWA).

Internet Information Services (IIS),  Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are known as modules.

Like plugins for WordPress or Chrome extensions, IIS modules offer an attractive way to side-load malicious features into web-facing applications. In this case, Owowa infects Exchange servers, exposing Exchange’s OWA function. Beyond credential theft, it allows remote…


Source link