Hackers drop rogue Apache modules and SSH backdoors on web servers

posted on January 28, 2013
by l33tdawg

A group of hackers that are infecting web servers with rogue Apache modules are also creating backdoors to Secure Shell (SSH) services in order to steal log-in credentials from administrators and users.

The hackers are replacing all of the SSH binary files on the compromised servers with backdoor-equipped versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from web security firm Sucuri said in a blog post.

"I saw some SSHD [SSH daemon] backdoors in the past in very small scale or part of public rootkits, but not like this one," Daniel Cid, Sucuri's chief technology officer, said Thursday via email. "They do not only modify the ssh daemon, but every ssh binary (ssh, ssh-agent, sshd) and their main goal is to steal passwords."
