Apache plugin turns legit sites into bank-attack platforms (ars technica)
Ars Technica writes about an Apache plugin that is being used to turn Linux web servers into Windows banking malware distribution sites. "The Apache plugin, which Eset software flags as Linux/Chapro.A, contains several features designed to make infections stealthy. To prevent being widely detected, it doesn't serve malicious content when a visitor's browser user agent indicates it's coming from Google or another automated search-engine agent. It also holds its fire against IP addresses that connect to the Web server over SSH-protected channels, preventing site administrators from being exposed. It also uses browser cookies and IP logging to prevent visitors from being exposed to exploits more than once. By hiding the attacks from search engines and admins—and making it hard to determine how end-user machines are infected—the features make it harder to identify the site as compromised."
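Because the module described above answers differently depending on user agent, cookies and prior visits, a site owner's check has to compare responses across visitor profiles rather than inspect a single fetch. The following is an added example, not code from the article or from ESET: it diffs the external iframe/script sources in response bodies captured under different profiles. The profile names, hostnames and sample bodies are constructed, and the assumption that injected content arrives as an iframe or script element is not stated in the excerpt.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _SrcCollector(HTMLParser):
    """Collect the src attribute of every <iframe> and <script> element."""
    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "script"):
            src = dict(attrs).get("src")
            if src:
                self.sources.add(src)

def external_sources(html, site_host):
    """Return iframe/script sources served from a host other than site_host."""
    parser = _SrcCollector()
    parser.feed(html)
    parser.close()
    # Relative URLs have no hostname and are treated as same-site.
    return {s for s in parser.sources
            if urlparse(s).hostname not in (None, site_host)}

def cloaked_sources(responses, site_host, baseline="crawler"):
    """Map each non-baseline profile to external sources that only it received."""
    base = external_sources(responses[baseline], site_host)
    findings = {}
    for profile, body in responses.items():
        if profile == baseline:
            continue
        extra = external_sources(body, site_host) - base
        if extra:
            findings[profile] = sorted(extra)
    return findings

# Constructed bodies for one URL, as if captured from an address that has
# never connected to the server over SSH (hypothetical profile names).
PAGE = ("<html><body><script src='/static/app.js'></script>"
        "<script src='https://cdn.example.net/lib.js'></script>{}</body></html>")
SAMPLE_RESPONSES = {
    "crawler": PAGE.format(""),                 # search-engine user agent
    "browser_first_visit": PAGE.format(         # browser UA, no cookies
        "<iframe src='http://injected.example.invalid/x' width='1'></iframe>"),
    "browser_repeat_visit": PAGE.format(""),    # same browser, cookie now set
}

if __name__ == "__main__":
    print(cloaked_sources(SAMPLE_RESPONSES, "www.example.com"))
```

An empty result from one pass is not proof of a clean server, since the module also logs IP addresses and will not serve the same visitor twice.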