Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

New Apache Module Injection Uncovered

1:49 pm on Jul 4, 2013 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
votes: 613

this past week we detected a new type of Apache module injection that is more subtle and increasingly difficult to detect. We donít know if it is a new and improved version of Darkleech or a completely different tool written by a different group.New Apache Module Injection Uncovered [blog.sucuri.net]
Identifying the injection

The first sign of this injection can be identified remotely by an iframe injection like this one:

<iframe src=httpx://ajaxfamilies[.]org/go[.]php?sid=3 width=1 ..
That gets randomly prepended at the top of the pages loaded from the compromised server. That injection is conditional, so depending on the browser, referrer or IP address it may not show up. Google also says that 500+ sites have been distributing malware through this domain

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members