Month: September 2021

• New web server hijacker HttpResetModule.dll

  Today a friend’s server was hacked. The web site displays normally if visited directly. The content is highjacked when visit from a Baidu Search result, similar to what user 41nbow experienced at https://www.freebuf.com/articles/web/222060.html. A file system wide search for recent changed files shows that %windir%\system32\inetsrv\config\applicationHost.config file was recently updated. New entries were added to the…

  Sheng Jiang 蒋晟

  22/09/2021

  Uncategorized