Pierre-Marc Bureau

Our report titled “Operation Windigo – the vivisection of a large Linux server-side credential-stealing malware campaign" details our analysis of a set of malicious programs that infect servers and desktop PCs, and send nearly 500,000 web users to malicious content daily."

There is a new bot on the block. ESET identifies it as Win32/Napolar while its author calls it solarbot. This piece of malware came to our attention mid-August because of its interesting anti-debugging and code injection techniques.

Analysis of a malicious backdoor serving Blackhole exploit pack found on Linux Apache webserver compromised by malware dubbed Linux/Cdorked.A, together with remediation tool and techniques.

More than half of all web servers on the Internet use Apache, so when we discovered a malicious Apache module in the wild last month, we were understandably concerned.