Thread: Compromised Apache binaries load malicious code
View Single Post
  #1   (View Single Post)  
Old 30th April 2013
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Compromised Apache binaries load malicious code
From http://h-online.com/-1851442

Quote:
Researchers at web security firm Sucuri have discovered modified binaries in the open source Apache web server. The binaries will load malicious code or other web content without any user interaction. Only files that were installed using the cPanel administration tool are currently thought to be affected. ESET says that several hundred web servers have been compromised.

The attack has been named Linux/Cdorked.A and is difficult to detect: As cPanel doesn't install the web server through common package managers such as RPM, the verification mechanisms of the package managers won't be any help.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote