Techno News

Apache web server is the most widely used in the world, globally to be Apache server for more than half of the sites in the world. But it turns out Apache's popularity attracts cyber criminals to commit terror.
Security and antivirus company Eset, recently ran a report uncovered network malware that attack the system Apache web server. The Malware is detected and identified as Linux/Chapro a.

The main action of the Linux malware/Chapro. An it is to inject malware-laden applications to the web page that is then displayed by the web server that is successfully compromised.

"The attack shows that there is an increase in the complexity of the attack carried out by the malware. With the complexity of cases like this spread over three countries, with specific targets so that makes it difficult for law enforcers to conduct investigation and mitigation the impacts posed, "said Pierre-Marc Bureau, Security Intelligence Program Manager from Eset, in his statement.

There are two interesting things from Linux/Chapro. A, i.e. its ability to hide so difficult was caught by system administrators, such as setting cookies on an infected system, and then hide.

Eset malware researchers first detected the Linux/Chapro. An in November 2012 which was then blocked by Eset with generic detection-Advanced Heuristic. At the time of process analysis is done, the host of the C&C server is detected to be in Germany. But soon the offline, and then disappeared.

From the analysis made in the iframe, Eset-inject by Linux/Chapro. A pointing at exploit pack on page ' Sweet Orange '.

"Host of the exploit pack is located in Lithuania. The Pack tried to get into some of the loopholes that exist in the web browser and plugins, "Pierre imbuh.

"After investigating further, deployment activities detected one variant of Win32/Zbot malware, also known as ZeuS. In recent years it is known as Zeus malware data thieves in particular banking data, "he said.

So far researchers have not seen any Eset installation Linux malware activity/Chapro. A new, after observation of thousands of users who access the Sweet Orange exploit pack before Eset to block access to the server.