
Friday, September 11, 2009

Apache Zombies on weak ass BotNet

A ton of VPS/dedicated Linux servers running Apache have been found to be zombies in a botnet, serving malware with a proxy webserver package known as nginx. A few weeks ago, someone found a few Twitter accounts being used to control botnets, and just today Symantec posted about Google Groups being used to do the same with a trojan called Trojan.Grups.

"The infected machines observed by Sinegubko serve legitimate traffic on port 80, the standard TCP port used by websites. Behind the scenes, the rogue server sends malicious traffic over port 8080. The malicious payloads are then delivered with the help of dynamic DNS hosting providers, which offer free domain names that are mapped to the IP address of the zombie webserver."

^ from The Register article
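A defender's check for the pattern in the quoted description (a second web server listening on port 8080 beside Apache on port 80), as an added example that is not from this post or The Register article. It assumes output from `ss -ltnp` run as root; the function names, process names and sample lines are constructed for illustration.

```python
import re

# Assumption: usual Apache process names on Linux distributions.
APACHE_NAMES = {"apache2", "httpd"}
# Matches one owner entry in the ss "users:" column, e.g. ("nginx",pid=2044
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def listeners(ss_output):
    """Map each listening TCP port to the set of (process, pid) owning it."""
    ports = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket that is not listening
        # Local address is the 4th column; the port follows the last colon,
        # which also holds for IPv6 forms such as [::]:8080.
        port = int(fields[3].rsplit(":", 1)[1])
        owners = {(name, int(pid)) for name, pid in PROC_RE.findall(line)}
        ports.setdefault(port, set()).update(owners)
    return ports


def second_webserver(ss_output, main_port=80, side_port=8080):
    """Return non-Apache owners of side_port when Apache owns main_port."""
    ports = listeners(ss_output)
    main_names = {name for name, _ in ports.get(main_port, set())}
    if not main_names & APACHE_NAMES:
        return []  # host is not an Apache server; pattern does not apply
    side = ports.get(side_port, set())
    return sorted(o for o in side if o[0] not in APACHE_NAMES)


# Constructed sample, not captured from a real host.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("apache2",pid=812,fd=4),("apache2",pid=811,fd=4))
LISTEN 0 511 [::]:8080 [::]:* users:(("nginx",pid=2044,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
"""

if __name__ == "__main__":
    for name, pid in second_webserver(SAMPLE):
        print(f"port 8080 is served by {name} (pid {pid}), not Apache")
```

A hit is a lead to investigate, not a verdict, since other software legitimately listens on 8080.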
