Apache plug-in doles out Zeus attack • The Register Forums

Skip to content

Whitepapers
| The Channel

Apache plug-in doles out Zeus attack

Anti-virus outfit Eset has discovered a malicious Apache module in the wild that serves up malware designed to steal banking credentials. As the company states in this post, the module, dubbed Linux/Chapro, is already being used to inject a version of Win32/Zbot (Zeus) into content served by the compromised Web servers. The …

This topic is closed for new posts.

Posted Thursday 20th December 2012 03:35 GMT

Detection

Is there anywhere that has information on how to detect this module on a server? The articles didn't seem to contain that information.

Posted Thursday 20th December 2012 07:08 GMT

A much better account

There's a much more detailed and informative account of what looks like the same underlying malware at

http://blog.unmaskparasites.com/2012/09/10/malicious-apache-module-injects-iframes/

Posted Thursday 20th December 2012 07:14 GMT

And the good news

The good news is that Google has recently been spotted detecting this and marking infected pages as such:

https://productforums.google.com/forum/#!category-topic/webmasters/malware--hacked-sites/szxNTFptv1k

Posted Thursday 20th December 2012 09:20 GMT

I thought 'Zeus' agreed with 'Spyeye' that Spyeye would gobble up Zeus about year ago. This appears to have changed?

Posted Thursday 20th December 2012 10:34 GMT

Anonymous Coward

Zeus Source Code

The Zeus source code got released/leaked a year or so ago. So most of this stuff is just variants based on the Zeus base

This topic is closed for new posts.

Forums

User topics | Article topics

Most read

Spotlight

Spam and the Byzantine Empire: How Bitcoin tech REALLY works

Prankster 'Superhero' takes on robot traffic warden AND WINS

Great Wall of China

China: Online predator or hapless host?

Vulns, exploits, hacks: Trusteer touts tech to terminate troubles

The Channel