Hackers are leveraging an IIS 6.0 vulnerability to take over Windows servers and install a malware strain that mines the Electroneum cryptocurrency. Attacks aren’t widespread, as they target a quite old IIS version, but they are happening at scale. Hackers are using CVE–2017–7269 to take over servers. This is a vulnerability discovered by two Chinese researchers in March 2017 that affects IIS’ WebDAV service. At the time it was discovered last year, the flaw was a zero-day, being under heavy exploitation for almost nine months, since June 2016.
ORIGINAL SOURCE: Bleeping Computer