New In-Memory Malware Infiltrates Web Servers

by Cynthia Harvey

A highly stealthy strain of malware that resides entirely in memory has been silently infecting some of the world's most widely used web servers.

A highly stealthy strain of malware has been silently infecting some of the most well-known and widely used web servers in the world, according to security researchers. And what's even scarier is that the malware resides entirely in memory, without leaving any presence on the infected server's hard drives at all.

"This makes it hard for system administrators to even know it's there and very difficult for them to check system logs to find out how to fix it. Plus, if they reboot the server or aren't extremely careful, all the evidence disappears without a trace," says ESET researcher Cameron Camp.

The new malware, known as Linux/Cdorked, also has experts struggling to determine how the servers are being infected. The backdoor infects sites running the Apache, nginx and Lighttpd web servers, and once it infects a server, the malware redirects website visitors to compromised sites.

Computerworld quoted ESET's Marc-Etienne M. Leveille, who wrote, "We still don't know for sure how this malicious software was deployed on the web servers. One thing is clear, this malware does not propagate by itself and it does not exploit a vulnerability in a specific software."

Read the full story at Datamation:
Stealthy Malware Is Attacking Web Servers


This article was originally published on Thursday May 9th 2013