
Trend Micro Warns of Widespread BadIIS Malware Targeting IIS Servers

Chinese-speaking threat actors are behind this financially motivated campaign. It injects malware into web pages and manipulates SEO to redirect traffic to illegal gambling sites.



Cybersecurity firm Trend Micro has uncovered a widespread malware campaign targeting Internet Information Services (IIS) servers. The campaign, linked to Chinese-speaking threat actors, has compromised servers belonging to various sectors across Asia and beyond.

Dubbed BadIIS, the malware has infected organizations ranging from government agencies and universities to technology companies and telecommunications firms. It exploits vulnerabilities in IIS servers and alters the server's HTTP responses, operating in one of two modes: SEO fraud mode and injector mode.

In injector mode, BadIIS injects malicious JavaScript into web pages, rerouting visitors to attacker-controlled sites that host malware or phishing schemes. In SEO fraud mode, the malware redirects traffic from search engine bots to illegal gambling sites, manipulating HTTP responses so that SEO trackers are misled. This financially motivated campaign has affected several Asian countries, including India, Thailand, and Vietnam, and potentially also the Philippines, Singapore, Taiwan, South Korea, Japan, Brazil, and Bangladesh.
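The two modes described above leave two observable symptoms on a compromised site: a crawler receives a different response than a browser does (SEO fraud), and page bodies load scripts from hosts the site owner never approved (injection). The following is an added defender-side check, not code from Trend Micro's report or from the malware; it assumes the crawler/browser distinction is made on the User-Agent (the report only says search engine bots are redirected) and uses constructed sample responses with `.invalid` placeholder hosts rather than real indicators.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SCRIPT_SRC = re.compile(r'<script[^>]+src=["\']([^"\']+)["\']', re.IGNORECASE)


@dataclass
class Response:
    status: int
    headers: dict  # assumption: header names already normalised to title case
    body: str


def foreign_script_hosts(html, allowed_hosts):
    """Hosts of external <script src> tags not on the allow-list (injector-mode symptom)."""
    hosts = set()
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname  # None for relative, same-origin paths, which are fine
        if host and host.lower() not in allowed_hosts:
            hosts.add(host.lower())
    return sorted(hosts)


def detect_cloaking(bot, browser, allowed_hosts):
    """Compare the response served to a crawler User-Agent with the one served to a browser."""
    findings = []
    if bot.status != browser.status:
        findings.append(f"status differs: crawler={bot.status} browser={browser.status}")
    location = bot.headers.get("Location")
    if location and urlparse(location).hostname not in allowed_hosts:
        findings.append(f"crawler redirected off-site to {location}")  # SEO-fraud-mode symptom
    for label, resp in (("crawler", bot), ("browser", browser)):
        foreign = foreign_script_hosts(resp.body, allowed_hosts)
        if foreign:
            findings.append(f"{label} response loads scripts from {', '.join(foreign)}")
    return findings


# Constructed sample data; the .invalid hosts are placeholders, not real indicators.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}
CLEAN = Response(200, {"Content-Type": "text/html"},
                 '<html><script src="https://cdn.example.org/app.js"></script></html>')
BOT = Response(302, {"Location": "https://gambling-placeholder.invalid/landing"}, "")
BROWSER = Response(200, {"Content-Type": "text/html"},
                   '<html><script src="/static/site.js"></script>'
                   '<script src="https://inject-placeholder.invalid/x.js"></script></html>')

if __name__ == "__main__":
    for finding in detect_cloaking(BOT, BROWSER, ALLOWED_HOSTS):
        print("ALERT:", finding)
```

In practice the two `Response` objects come from fetching the same URL twice, once with a search-engine crawler User-Agent and once with a browser User-Agent, from outside the server so that the comparison does not depend on the possibly compromised host.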

To secure IIS servers, Trend Micro recommends regular updates, monitoring for unauthorized installations, restricting administrative access, implementing firewalls, reviewing IIS logs, and disabling unnecessary services.

The BadIIS malware campaign highlights the importance of robust cybersecurity measures. Organizations must remain vigilant and proactive in protecting their servers and user data. As the campaign continues to evolve, so too must our defenses.
