View source for Malicious Apache module used for content injection: Linux/Chapro.A

{{Publication
|Type=Blogpost
|Link=http://blog.eset.com/2012/12/18/malicious-apache-module-used-for-content-injection-linuxchapro-a blog.eset.com
|Author=Pierre-Marc Bureau
|NomRevue=ESET Threat Blog
|Date=2012-12-20
|Editor=ESET
|Year=2012
|Malware=Chapro
|ExploitKit=Sweet Orange
|Abstract=More than half of all web servers on the Internet use Apache, so when we discovered a malicious Apache module in the wild last month, being used to inject malicious content into web pages displayed by compromised web servers, we were understandably concerned. Our concern deepened when we discovered that this malware was being used in a scheme to steal banking credentials.

At first, we wondered if this code might be related to the Linux/[[Snasko]].A rootkit reported to the Full-Disclosure mailing list and then analyzed by CrowdStrike and Kaspersky but it turns out this is a completely different beast.
}}