Malicious Apache module used for content injection: Linux/Chapro.A

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Malicious Apache module used for content injection: Linux/Chapro.A
Botnet
Malware Chapro
Botnet/malware group
Exploit kits Sweet Orange
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2012 / 2012-12-20
Editor/Conference ESET
Link http://blog.eset.com/2012/12/18/malicious-apache-module-used-for-content-injection-linuxchapro-a blog.eset.com (blog.eset.com Archive copy)
Author Pierre-Marc Bureau
Type Blogpost

Abstract

More than half of all web servers on the Internet use Apache, so when we discovered a malicious Apache module in the wild last month, being used to inject malicious content into web pages displayed by compromised web servers, we were understandably concerned. Our concern deepened when we discovered that this malware was being used in a scheme to steal banking credentials.

At first, we wondered if this code might be related to the Linux/Snasko.A rootkit reported to the Full-Disclosure mailing list and then analyzed by CrowdStrike and Kaspersky but it turns out this is a completely different beast.

Bibtex

 @misc{Bureau2012BFR1271,
   editor = {ESET},
   author = {Pierre-Marc Bureau},
   title = {Malicious Apache module used for content injection: Linux/Chapro.A},
   date = {20},
   month = Dec,
   year = {2012},
   howpublished = {\url{http://blog.eset.com/2012/12/18/malicious-apache-module-used-for-content-injection-linuxchapro-a blog.eset.com}},
 }