Sophisticated Apache Backdoor In the Wild 108
An anonymous reader writes "ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers. The threat is a highly advanced and stealthy backdoor being used to drive traffic to malicious websites carrying Blackhole exploit packs. Researchers have named the backdoor Linux/Cdorked.A, and it is the most sophisticated Apache backdoor seen so far. The Linux/Cdorked.A backdoor does not leave traces on the hard-disk other than a modified 'httpd' file, the daemon (or service) used by Apache. All information related to the backdoor is stored in shared memory on the server, making detection difficult and hampering analysis."
Does it hurt? (Score:5, Funny)
Getting Cdorked in the backdoor sounds painful.
Re:doesn't look so scary (Score:5, Funny)
Yeah, and I'm sure you could fix it with an apropriate hosts file.
Re:doesn't look so scary (Score:4, Funny)
They might as well left the Root password as "password"
You can change it ???
Re:doesn't look so scary (Score:2, Funny)
incorrect is much better choice, that way the system reminds you if you forget it
Re:doesn't look so scary (Score:5, Funny)
They might as well left the Root password as "password"
You can change it ???
Don't worry, I already did it for you!
Re:doesn't look so scary (Score:4, Funny)
They might as well left the Root password as "password"
You can change it ???
Yes, but it's a bad idea. Think of changed passwords as security through obscurity.