Hmmm, an interesting twist in the Linux malware world -- and a bit of a collision of traditional OS-level malware and app-level security woes. This latest Linux rootkit (below) can inject an iFrame into any HTTP response sent from an infected web server. Thus, it can be used to spew malware into susceptible web browser clients, and appear as though the drive-by infection is coming from a web app hosted on the infected site.
See full write-up below. https://www.securelist.com/en/blog/208193935/New_64_bit_Linux_Rootkit_Doing_iFrame_Injections Oh, and happy Thanksgiving to all you USA folks out there. Cheers, Ken ----- Kenneth R. van Wyk KRvW Associates, LLC http://www.KRvW.com Follow us on Twitter at: @KRvW or @KRvW_Associates
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________