Tuesday 30 April 2013
A new threat is targeting Apache webservers, which are among the most widely used webservers in the world, according to researchers at security firms ESET and Sucuri.
The threat is a highly advanced and stealthy backdoor being used to drive traffic to malicious websites carrying Blackhole exploit packs.
Researchers have named the backdoor Linux/Cdorked.A, and have described it as the most sophisticated Apache backdoor to date.
“The Linux/Cdorked.A backdoor does not leave traces on the hard-disk other than a modified httpd file, the daemon (or service) used by Apache,” said Pierre-Marc Bureau, ESET security intelligence program manager.
“All information related to the backdoor is stored in shared memory on the server, making detection difficult and hampering