The New Microsoft IIS Backdoor

A new Microsoft IIS backdoor that's being used in order to gain persistent access to a compromised IIS server. Having good rules to detect these kind of attacks remains very valuable. Symantec calls this backdoor, and I hope I pronounce it right here, Frap and IIS. The one thing that really adds in this new diary entry is detailed explanations as to what these rules are looking for.