Malicious Apache module used for content injection

#17301 by hnpl2011
Thu Dec 20, 2012 3:51 am

Linux / Chapro.A ( Eset)be found on the Apache webserver. Malware execute on Linux x64 operating system.
The main purpose Linux / Chapro.A insert iframes to the website are located in the server. This iframe point to the page containing the exploit code "Sweet Orange exploit toolkit", then download variations of Zeus - known ability to steal bank account information.
Article:
http://blog.eset.com/2012/12/18/malicio ... uxchapro-a
https://www.securelist.com/en/blog/208193935/

Attachments

e022de72cce8129bd5ac8a0675996318.zip

(16.76 KiB) Downloaded 68 times

Username

hnpl2011

Posts

48

Joined

Mon Jan 24, 2011 8:53 am

Re: Malicious Apache module used for content injection

#17454 by bsteo
Mon Dec 31, 2012 12:36 pm

Any other samples? I can't find other but this one.

Username

bsteo

Posts

85

Joined

Fri Nov 16, 2012 5:50 pm

Re: Malicious Apache module used for content injection

#17555 by hnpl2011
Thu Jan 03, 2013 2:10 am

exitthematrix wrote:Any other samples? I can't find other but this one.

Sory, I have no more!

Username

hnpl2011

Posts

48

Joined

Mon Jan 24, 2011 8:53 am

Re: Malicious Apache module used for content injection

#18381 by gied
Fri Mar 01, 2013 8:03 am

Likely similar, md5 df54e563e0325982446cc5bf6122c889
Injects iframes with document.write added to JS files, served through apache. Prevents detection by server admin or regular visitors, including search engine bots.

Attachments

module-df54e563e0325982446cc5bf6122c889.zip

pass: infected
(16.81 KiB) Downloaded 51 times

Username

gied

Posts

10

Joined

Fri Jul 15, 2011 2:06 pm

Contact