Begin forwarded message:

> From: The SANS Institute <consensussecurityvulnerabilityal...@sans.org>
> =============================================================
> @RISK: The Consensus Security Vulnerability Alert
> Vol. 13, Num. 18
>
> Providing a reliable, weekly summary of newly discovered attack vectors,
> vulnerabilities with active exploits, and explanations of how recent
> attacks worked
>
> =============================================================
> …
> NOTABLE RECENT SECURITY ISSUES
> SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM
>
> Title: CDorked worm spreads through Linux servers, dropping Blackhole
> Description: A new virus specifically targeting Linux systems with
> CPanel installed, known as Linux/CDorked, is currently making its way
> through the Internet, dropping Blackhole exploit kits on infected
> systems after replacing their copy of the local Apache server binary.
> System administrators are urged to patch their systems to current
> levels, and to disable remote access to CPanel except where strictly
> necessary.
> Reference:
> http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html
> Snort SID: 26527-26532
> ClamAV: Linux/CDorked.A

Just curious whether any of the existing Apache checks will catch this one for Linux users?

-Al-

--
Al Varnell
Mountain View, CA

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users