Welcome to WebmasterWorld Guest from 54.221.87.97

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

New Apache Module Injection Uncovered

     

engine

1:49 pm on Jul 4, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



this past week we detected a new type of Apache module injection that is more subtle and increasingly difficult to detect. We donít know if it is a new and improved version of Darkleech or a completely different tool written by a different group.New Apache Module Injection Uncovered [blog.sucuri.net]
Identifying the injection

The first sign of this injection can be identified remotely by an iframe injection like this one:

<iframe src=httpx://ajaxfamilies[.]org/go[.]php?sid=3 width=1 ..
That gets randomly prepended at the top of the pages loaded from the compromised server. That injection is conditional, so depending on the browser, referrer or IP address it may not show up. Google also says that 500+ sites have been distributing malware through this domain
 

Featured Threads

Hot Threads This Week

Hot Threads This Month