Mystery Malware Affecting Linux/Apache Web Servers

franzon   on 25 January 2008 - 15:16 · 9 comments & 12958 views

Reports are beginning to surface that some Web servers running Linux and Apache are unwittingly infecting thousands of computers, exploiting vulnerabilities in QuickTime, Yahoo! Messenger, and Windows. One way to tell if your machine is infected is if you're unable to create a directory name beginning with a numeral. Since details are still sketchy, the best advice right now is to take proactive steps to secure your servers.

We asked the Apache Software Foundation if it had any advice on how to detect the rootkit or cleanse a server when it's found. According to Mark Cox of the Apache security team, "Whilst details are thin as to how the attackers gained root access to the compromised servers, we currently have no evidence that this is due to an unfixed vulnerability in the Apache HTTP Server." We sent a similar query to Red Hat, the largest vendor of Linux, but all its security team could tell us was that "At this point in time we have not had access to any affected machines and therefore cannot give guidance on which tools would reliably detect the rootkit."

News source: it.slashdot.org

Comments · There are 9 additional comments
#1 Foub on 25 Jan 2008 - 15:19
Isn't this related to the other story on stolen security passwords that were used to gain access to these servers as well? When this happens it is irrelevant how secure your server is when an unauthorized person has the passwords.
#2 cork1958 on 25 Jan 2008 - 15:45
Seems like I read something about that somewhere also.
#3 vetmarkjensen on 25 Jan 2008 - 16:15
Yeah, it was on the Front Page, just a few days ago.
http://www.neowin.net/news/main/08/01/23/a...rs-intensifying
#4 Mean Mr Mustard on 25 Jan 2008 - 21:33
Who are these people who get their rocks off by F'ing with everything???
(4 replies) #5 Macintosh Man on 26 Jan 2008 - 01:54
Solution: Mac OS X Leopard Server

Rock Solid Security
#5.1 Azmodan on 26 Jan 2008 - 14:01
I'd hammer my server to death rather than migrating to OSX.
#5.2 vetmarkjensen on 26 Jan 2008 - 14:48
Oh yes! Because OSX is immune to being taken over if the attacker has your passwords!

The miracle of the Reality Distortion Field, eh? Or is it that you just don't bother to read the articles before telling people to buy a Mac?
#5.3 Cyber Dog on 27 Jan 2008 - 00:59
1. OS X Server is (in part) powered by Apache... the same software, only now it costs you money.
2. Anyone who pays a premium to put the OS X GUI on otherwise free server software should not be employed in the IT field.
#5.4 RAID 0 on 27 Jan 2008 - 04:43
Hello Internetworld7, I know it's you. You can't hide behind a new screen name!
