Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Security researchers are sounding the alarm about a new piece of highly stealthy malware that is infecting Web servers. Called Linux/Cdorked, it redirects website visitors to compromised sites. Experts are still trying to figure out how the servers are being infected.
Ars Technica’s Dan Goodin reported, “Security researchers have uncovered an ongoing and widespread attack that causes sites running three of the Internet’s most popular Web servers to push potent malware exploits on visitors. Linux/Cdorked.A, as the malicious backdoor behind the attacks is known, has been observed infecting at least 400 Web servers, 50 of them from the Alexa top 100,000 ranking, researchers from antivirus provider Eset said. The backdoor infects sites running the Apache, nginx, and Lighttpd Web servers and has already exposed almost 100,000 end users running Eset software to attack (the AV apps protect them from infection).”
USA Today quoted ESET researcher Cameron Camp, who explained, “This rogue piece of software silently infects the most well-known and widely-used webserver in the world, the Apache web server, but without actually touching the hard drive at all. It resides entirely in memory. This makes it hard for system administrators to even know it’s there and very difficult for them to check system logs to find out how to fix it. Plus, if they reboot the server or aren’t extremely careful, all the evidence disappears without a trace.”
And Computerworld quoted ESET’s Marc-Etienne M. Leveille, who wrote, “We still don’t know for sure how this malicious software was deployed on the web servers. One thing is clear, this malware does not propagate by itself and it does not exploit a vulnerability in a specific software.”
In separate but related news, InformationWeek’s Matthew J. Schwartz noted, “The developers behind the popular open-source Web server software Nginx have released updates to patch a serious vulnerability. Nginx Tuesday announced the release of nginx-1.4.1 — as well as ‘development version’ nginx-1.5.0 — to fix a buffer-overflow vulnerability that attackers could exploit to execute arbitrary code on a Ngnix server and completely compromise it.”
RELATED NEWS AND ANALYSIS
-
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
-
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
-
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
-
Top 10 AIOps Companies
FEATURE | By Samuel Greengard,
November 05, 2020
-
What is Text Analysis?
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
-
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
-
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
-
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
-
Top 10 Chatbot Platforms
FEATURE | By Cynthia Harvey,
October 07, 2020
-
Finding a Career Path in AI
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
-
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
-
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
-
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
-
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
-
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
-
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
-
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
-
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
-
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
-
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020