back to article Apache plug-in doles out Zeus attack

Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials. As the company states in this post, the module, dubbed Linux/Chapro, is already being used to inject a version of Win32/Zbot (Zeus) into content served by the compromised Web servers. The …

COMMENTS

This topic is closed for new posts.

Detection

Is there anywhere that has information on how to detect this module on a server? The articles didn't seem to contain that information.

0
0

A much better account

There's a much more detailed and informative account of what looks like the same underlying malware at

http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/

0
0

And the good news

The good news is that Google has recently been spotted detecting this and marking infected pages as such:

https://productforums.google.com/forum/#!category-topic/webmasters/malware--hacked-sites/szxNTFptv1k

0
0

I thought 'Zeus' agreed with 'Spyeye' that Spyeye would gobble up Zeus about year ago. This appears to have changed?

0
0
Anonymous Coward

Zeus Source Code

The Zeus source code got released/leaked a year or so ago. So most of this stuff is just variants based on the Zeus base

0
0
This topic is closed for new posts.

Forums