New Frebini Malware Exploits IIS Features for Covert Communication with Command-and-Control Server: Warning of Sophisticated Targeted Attacks
The article reports on the discovery of a new malware named "Frebini" that abuses the features of Microsoft's Internet Information Services (IIS) web server for secret communication with its command-and-control (C2) server. Frebini is a remote access trojan (RAT) that allows attackers to take control of an infected system and steal sensitive data.
The article explains that Frebini is designed to avoid detection by hiding its communication with the C2 server in the legitimate HTTP traffic of the infected server. The malware uses the IIS web server's Application Request Routing (ARR) module to forward requests from the infected system to the C2 server and receive responses. This allows the malware to bypass traditional network security measures that focus on blocking specific IP addresses or domains.
The researchers note that Frebini is sophisticated malware that is likely to be used in targeted attacks against high-value targets, such as businesses and government organizations. They also suggest that the use of IIS features for covert communication may become a trend in future malware attacks.
The article concludes that the discovery of Frebini highlights the ongoing threat of advanced malware attacks and the need for organizations to implement strong security measures to protect their systems and data. It underscores the importance of keeping software and security systems up to date, monitoring network traffic for suspicious activity, and using a multi-layered defense strategy to prevent and detect potential attacks.
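As an added example (not from the article or the researchers), the following defender-side check looks for the ARR forwarding described above: it reports whether the server-level ARR proxy is enabled and lists URL Rewrite rules that forward to a host outside an allow-list. The configuration fragment, rule names, host names and the `ALLOWED_BACKENDS` set are constructed assumptions; on a real server the input would be the IIS `applicationHost.config` or a site's `web.config`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample of an IIS configuration fragment (not from a real host).
SAMPLE_CONFIG = """<configuration>
  <system.webServer>
    <proxy enabled="true" />
    <rewrite>
      <globalRules>
        <rule name="farm" stopProcessing="true">
          <match url="^app/(.*)" />
          <action type="Rewrite" url="http://backend.corp.example/{R:1}" />
        </rule>
        <rule name="telemetry">
          <match url="^status/(.*)" />
          <action type="Rewrite" url="https://cdn.unknown.example/{R:1}" />
        </rule>
        <rule name="local">
          <match url="^old/(.*)" />
          <action type="Rewrite" url="new/{R:1}" />
        </rule>
      </globalRules>
    </rewrite>
  </system.webServer>
</configuration>"""

# Assumption: the hosts this organisation expects ARR to forward to.
ALLOWED_BACKENDS = {"backend.corp.example"}

def audit_arr(config_xml, allowed=ALLOWED_BACKENDS):
    """Return (proxy_enabled, [(rule_name, host)]) for rewrite rules that
    forward to an absolute URL whose host is not allow-listed."""
    root = ET.fromstring(config_xml)
    proxy = root.find("system.webServer/proxy")
    enabled = proxy is not None and proxy.get("enabled", "false").lower() == "true"
    findings = []
    for rule in root.iter("rule"):  # covers globalRules and site-level rules
        action = rule.find("action")
        if action is None or action.get("type", "").lower() != "rewrite":
            continue
        host = urlparse(action.get("url", "")).hostname  # None for relative URLs
        if host and host.lower() not in allowed:
            findings.append((rule.get("name"), host))
    return enabled, findings

if __name__ == "__main__":
    enabled, findings = audit_arr(SAMPLE_CONFIG)
    print("ARR proxy enabled:", enabled)
    for name, host in findings:
        print(f"unexpected forward target: rule={name} host={host}")
```

A finding is a lead for review rather than proof of compromise: legitimate reverse-proxy deployments also use these settings, so compare results against the change history for the server.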
