It reads commands from an official IIS log, which are used to keep track of data from IIS, including web pages and applications. By disguising commands as web access requests, the attackers can ...