Malware researchers at ESET have uncovered a widespread cybercriminal operation that has seized control of tens of thousands of Unix servers. Learn more about how to check your systems for compromise, and prevent innocent computer users from being attacked.
I made a comment recently that was subsequently quoted in a recent ESET blog – Android “master key” leaves 900 million devices vulnerable, researchers claim – and it appears that comment may have confused one or two people. What I actually said was this: “Security based on application whitelisting relies on an accurate identification of
Some 400 web servers found infected with Linux/Cdorked.A. including 50 in Alexa’s top 100,000 websites. And this backdoor has been applied to Lighttpd and nginx binaries in addition to Apache.
This comprehensive look at the problems of malware on Linux Apache web servers explains the threats to business and helps you figure out if your organization is likely to be affected.
We clarify that the Linux/Cdorked backdoor malware leaves no traces on the hard drive "other than its modified httpd binary" which can be scanned for detection in several ways.
Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with remediation tool and techniques.
In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: A blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this
Apache modules are add-on code taking advantage of the Apache module API to extend the functionality of the standard Apache distro. In this case, the binary's functionality was malicious, but there is no exploitation of a known Apache vulnerability in this case.
More than half of all web servers on the Internet use Apache, so when we discovered a malicious Apache module in the wild last month, we were understandably concerned.