Well, it reminds me of this: http://www.satirewire.com/news/0103/outlook.shtml

From: [email protected] [mailto:[email protected]] On Behalf Of Andrew S. Baker
Sent: Wednesday, October 07, 2015 11:03 AM
To: ntsysadm
Cc: [email protected]
Subject: Re: [NTSysADM] RE: [Exchange] So, how did they plant the malware?

This is absolutely a "need more info" type of scenario.

Nothing in the article begins to hint at an actual OWA weakness, in any event.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…
GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A

On Wed, Oct 7, 2015 at 11:37 AM, Michael B. Smith <[email protected]> wrote:

We've been discussing this on a couple of closed lists.

Long story short - insufficient data at this time.

The wording of the story is also of some concern. "Outlook mailserver"? Not Exchange? Also, how was the DLL injected? Was the server already compromised? If so, game over and it isn't OWA's fault.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
Sent: Wednesday, October 7, 2015 11:32 AM
To: [email protected]; ntsysadm
Subject: [Exchange] So, how did they plant the malware?

The article is short on details, and so is the security firm's PDF.

Very scary, but nothing in the way of actionable intelligence, AFAICT

http://arstechnica.com/security/2015/10/new-outlook-mailserver-attack-steals-massive-number-of-passwords/
