Microsoft's Outlook Web App Targeted with Malware, Cybereason Finds


According to security company Cybereason, a new piece of malware is attacking Microsoft's e-mail client, Outlook Web App (OWA).

The malware, an advanced persistent threat (APT), helps attackers capture an organization's e-mail passwords over time. This strategy lets the attackers collect and retain a large number of credentials and so keep constant control over the environment in which the organization operates.

Cybereason discovered the malware after an organization's IT department detected functional anomalies on its e-mail servers.

OWA, a component of Microsoft Exchange Server, lets users access their mailbox on the Exchange Server from nearly any browser. Because OWA acts as an intermediary between the organization's internal systems and the Internet, it makes an ideal target.

Cybereason explains that OWA authentication requires domain credentials; consequently, anyone who gains access to the OWA server ends up with all of the organization's domain credentials.

Security researchers observed that the suspicious DLL file had the same name as a genuine DLL used by OWA's authentication mechanism; however, it was unsigned and was loaded from a different directory. The legitimate OWAAUTH.dll normally authenticates end users against the Active Directory server. The attackers' malicious version, however, was built to install an ISAPI filter on the IIS server that filters HTTP requests. Registering the filter in the registry ensures the malware is loaded whenever the server starts up.
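The indicators described above (a DLL that shares the name of a legitimate OWA component but is unsigned and loaded from a different directory) can be checked against a loaded-module inventory. The following is an added example, not code from Cybereason or from the original article; the baseline directory, the inventory records and the `Module` and `audit` names are constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Module:
    process: str   # process that loaded the DLL
    path: str      # full path the DLL was loaded from
    signed: bool   # True if a valid code signature was verified


# Assumed baseline: DLL name -> the only directory it should load from.
# The directory is a constructed placeholder, not a real Exchange path.
BASELINE = {"owaauth.dll": r"C:\Placeholder\Exchange\Auth"}


def audit(modules, baseline=BASELINE):
    """Return (module, reasons) for each baseline-named DLL that looks wrong."""
    findings = []
    for m in modules:
        p = PureWindowsPath(m.path)
        expected = baseline.get(p.name.lower())
        if expected is None:
            continue  # not a DLL name we track
        reasons = []
        # PureWindowsPath compares case-insensitively, as Windows paths do.
        if p.parent != PureWindowsPath(expected):
            reasons.append("unexpected directory")
        if not m.signed:
            reasons.append("unsigned")
        if reasons:
            findings.append((m, reasons))
    return findings


# Constructed inventory, e.g. as exported by an endpoint agent.
SAMPLE = [
    Module("w3wp.exe", r"C:\Placeholder\Exchange\Auth\OWAAUTH.dll", True),
    Module("w3wp.exe", r"c:\placeholder\other\bin\owaauth.dll", False),
    Module("w3wp.exe", r"C:\Placeholder\Exchange\Auth\unrelated.dll", False),
]

if __name__ == "__main__":
    for mod, why in audit(SAMPLE):
        print(f"{mod.process}: {mod.path} -> {', '.join(why)}")
```

A signed copy in the wrong directory is still reported, since a same-named DLL outside the baseline location is suspicious on its own.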

In this way the attackers obtained every request in clear text and then identified those that carried usernames and passwords. The malware collected all of the authentication credentials and saved them in encrypted form.

Unluckily for the attackers, they used the obsolete DES encryption algorithm to store the information. As a result, the researchers were able to expose everything the attackers had been seeking, including the organization's e-mail passwords.

Ken Westin, Senior Security Analyst at rival security firm Tripwire, says the discovery calls for enhanced security monitoring in all organizations. Computing.co.uk reported this on October 6, 2015.

» SPAMfighter News - 10/12/2015
