Slashdot Mirror


New In-Memory Rootkit Discovered By German Hoster

New submitter einar2 writes "German hoster Hetzner informed customers that login data for their admin surface might have been compromised (Google translation of German original). At the end of last week, a backdoor in a monitoring server was found. Closer examination led to the discovery of a rootkit residing in memory. The rootkit does not touch files on storage but patches running processes in memory. Malicious code is directly injected into running processes. According to Hetzner the attack is surprisingly sophisticated."

2 of 91 comments

  1. Re:Kinda cool that they found it by Anonymous Coward · Score: 5, Funny

    Even if you notice strange traffic, how do you actually find something that is only in memory?

    Through the power of Jesus Christ, our Lord and Savior.

  2. Re:Kinda cool that they found it by Anonymous Coward · Score: 5, Funny

    On a VMware server I would create a snapshot and then analyze the contents of the memory.

    I don't always examine a couple gigs of raw memory with no context on a summer Friday but when I do I prefer Xen.