LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-19-2012, 03:44 PM   #1
etech3
Senior Member
 
Registered: Jul 2009
Location: Virginia
Distribution: Debian Stable Testing Sid Slackware CentOS
Posts: 1,055
Blog Entries: 2

Rep: Reputation: 44
New 64-bit Linux Rootkit Doing iFrame Injections


Quote:
Originally Posted by Marta Janus, Kaspersky Lab Expert
A few days ago, an interesting piece of Linux malware came up on the Full Disclosure mailing-list . It's an outstanding sample, not only because it targets 64-bit Linux platforms and uses advanced techniques to hide itself, but primarily because of the unusual functionality of infecting the websites hosted on attacked HTTP server
- and therefore ...

http://www.securelist.com/en/blog/20...ame_Injections

Last edited by unSpawn; 11-19-2012 at 04:59 PM. Reason: //Quote properly
 
Old 11-20-2012, 09:12 AM   #2
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,318
Blog Entries: 5

Rep: Reputation: 783Reputation: 783Reputation: 783Reputation: 783Reputation: 783Reputation: 783Reputation: 783
Looks particularly nasty.
Details are here...
 
1 members found this post helpful.
Old 11-20-2012, 09:23 AM   #3
etech3
Senior Member
 
Registered: Jul 2009
Location: Virginia
Distribution: Debian Stable Testing Sid Slackware CentOS
Posts: 1,055
Blog Entries: 2

Original Poster
Rep: Reputation: 44
Good info Habitual Thanks!
 
1 members found this post helpful.
Old 11-20-2012, 12:12 PM   #4
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
It is very interesting. But, what about distros that don't have '/etc/rc.local', would it be able to insert itself ? Certainly not without root privileges.
 
Old 11-20-2012, 04:42 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,277
Blog Entries: 54

Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
Quote:
Originally Posted by H_TeXMeX_H View Post
what about distros that don't have '/etc/rc.local', would it be able to insert itself ?
As long as you are root the vehicle doesn't matter.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: nginx: How To Block Exploits, SQL Injections, File Injections, Spam, User Agents, Etc. LXer Syndicated Linux News 0 08-08-2012 11:40 AM
rootkit hunter false positive for Xzibit Rootkit on CentOS 4.8? abefroman Linux - Security 2 12-20-2009 08:19 AM
A virus changed all my index files with iframe, how to remove that iframe line? Farman Linux - Security 10 07-16-2009 08:40 AM
force iframe content to remain in iframe? frieza Programming 1 09-17-2008 06:29 AM


All times are GMT -5. The time now is 11:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration