I made a comment recently that was subsequently quoted in a recent ESET blog – Android “master key” leaves 900 million devices vulnerable, researchers claim – and it appears that comment may have confused one or two people. What I actually said was this: “Security based on application whitelisting relies on an accurate identification of
Some 400 web servers found infected with Linux/Cdorked.A. including 50 in Alexa’s top 100,000 websites. And this backdoor has been applied to Lighttpd and nginx binaries in addition to Apache.
This comprehensive look at the problems of malware on Linux Apache web servers explains the threats to business and helps you figure out if your organization is likely to be affected.
We clarify that the Linux/Cdorked backdoor malware leaves no traces on the hard drive "other than its modified httpd binary" which can be scanned for detection in several ways.
Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with remediation tool and techniques.
In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: A blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this
Apache modules are add-on code taking advantage of the Apache module API to extend the functionality of the standard Apache distro. In this case, the binary's functionality was malicious, but there is no exploitation of a known Apache vulnerability in this case.
More than half of all web servers on the Internet use Apache, so when we discovered a malicious Apache module in the wild last month, we were understandably concerned.
If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw yesterday at Blackhat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler described in their session is not some rare
National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular
We’ve just come across an IRC controlled backdoor that enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it’s a Mach-O binary – targeting Mac OS X. ESET’s research team compared this to samples in our malware collection and discovered that this code
Last week, we had reports of a number of web sites being hacked and used to distribute malicious software. The web sites are spread through various countries including Brazil, Pakistan, the United Kingdom, France, and of course the United States. At the moment, it is hard to tell how the servers were compromised. All of