Slashdot Mirror


Sophisticated Apache Backdoor In the Wild

An anonymous reader writes "ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers. The threat is a highly advanced and stealthy backdoor being used to drive traffic to malicious websites carrying Blackhole exploit packs. Researchers have named the backdoor Linux/Cdorked.A, and it is the most sophisticated Apache backdoor seen so far. The Linux/Cdorked.A backdoor does not leave traces on the hard-disk other than a modified 'httpd' file, the daemon (or service) used by Apache. All information related to the backdoor is stored in shared memory on the server, making detection difficult and hampering analysis."

6 of 108 comments

  1. Does it hurt? by geek · · Score: 5, Funny

    Getting Cdorked in the backdoor sounds painful.

  2. Re:doesn't look so scary by Eunuchswear · · Score: 5, Funny

    Yeah, and I'm sure you could fix it with an appropriate hosts file.

    --
    Watch this Heartland Institute video
  3. Re:doesn't look so scary by Anonymous Coward · · Score: 4, Funny

    They might as well have left the Root password as "password"

    You can change it ???

  4. Re:doesn't look so scary by Anonymous Coward · · Score: 2, Funny

    incorrect is a much better choice, that way the system reminds you if you forget it

  5. Re:doesn't look so scary by Anonymous Coward · · Score: 5, Funny

    They might as well have left the Root password as "password"

    You can change it ???

    Don't worry, I already did it for you!

  6. Re:doesn't look so scary by ebno-10db · · Score: 3, Funny

    They might as well have left the Root password as "password"

    You can change it ???

    Yes, but it's a bad idea. Think of changed passwords as security through obscurity.