Some 400 web servers found infected with Linux/Cdorked.A, including 50 in Alexa’s top 100,000 websites. And this backdoor has been applied to Lighttpd and nginx binaries in addition to Apache.
We clarify that the Linux/Cdorked backdoor malware leaves no traces on the hard drive “other than its modified httpd binary” which can be scanned for detection in several ways.
Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with a remediation tool and techniques.
[Update 2: a note for Mac users in Turn off that Java Lamp. And Brian Krebs notes that Oracle Ships Critical Security Update for Java] [Update to a link at java.com offering more information on disabling Java in web browsers.] This is a quick pointer to blogs posted by our colleagues in Spain and in
Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero-day vulnerability in the latest version of Java (version 1.7, Update 6). This vulnerability is the subject of a US-CERT
Carberp is a unique case, with all the guys who organized really big botnets and made big profits (millions of US dollars) being arrested.
The latest research on the Win32 Carberp gang and the technicalities and evolution of the malware, as presented at CARO 2012.
ESET is seeing a new step of evolution for the Rovnix bootkit family.
This article was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a massive spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are