Author Topic: Apache malware targeting online banking  (Read 309 times)

Just17
Apache malware targeting online banking
« on: January 03, 2013, 11:02:24 AM »
http://www.net-security.org/malware_news.php?id=2364

Quote
Analysis of a malicious Apache module, detected by ESET as Linux/Chapro.A, found that the world's most widely used web server, Apache, is being used to carry out these attacks, injecting malicious content into web pages served by an infected Linux server, without the knowledge of the website owner.

kjpetrie
Re: Apache malware targeting online banking
« Reply #1 on: January 03, 2013, 12:25:07 PM »
A bit thin on the vital content. How does the malicious module get installed into the Apache server? What can server/website owners do to guard against it?

Once a website is compromised it can try to exploit holes in browsers, in this case on Windows machines to install malware. What are the browser manufacturers/MS doing about that?

Finally, it uses a social engineering exploit, asking for information in a context where it wouldn't normally be needed.

There's no real information here, though it's useful to be reminded there are criminals out there and we all need to be careful.
-----------
KJP

horusfalcon
Re: Apache malware targeting online banking
« Reply #2 on: January 03, 2013, 01:11:47 PM »
A quick google on Sweet Orange reveals that it is an exploit kit capable of delivering a wide range of payloads, and is a potent threat to Windows Users...  (and I'll leave that right there).

It's one of several exploit kits (Blackhole and Nuclear, just to name two others in a growing field) which cybercriminals now have access to for their various nefarious purposes.

kjpetrie's assessment of this article is spot-on, but there's more out there.  Sweet Orange is creating a lot of buzz in security-related web spaces.  That its primary vector involves Apache (the most popular web server on the planet) should come as no surprise.  I'm sure the folks at Apache are looking into this with all due diligence and haste.

In reading around on this, I do note a Windows-centric bias that tends to pervade the security blogosphere/journalism space - everyone I've read so far refers to this as a "malicious Linux module" when I doubt they would know a Linux module if it reached up and bit them on their hineys.  (What is in that kool-aid these days? :D)  Bring your B.S. filter, and set it to "High".

The usual cautions against social engineering are well taken.  It only takes a few seconds to make that mistake, a few seconds that could be tempered by sitting on one's hands for a few more seconds while engaging one's brain to really consider what that nice, friendly-looking popup is really asking for, and why...

Later On,
D

YouCanToo
Re: Apache malware targeting online banking
« Reply #3 on: January 03, 2013, 02:34:03 PM »
Pretty vague article.

Tony
Re: Apache malware targeting online banking
« Reply #4 on: January 03, 2013, 04:11:40 PM »
I'm starting to worry about Just17, anything to do with Linux, and security are making him concerned. Fair enough, and rightly so.

I don't know that anything has changed greatly. I'm sure Apache Server Software will plug their holes. Often attacks are just a proof of concept, alerting that this exploit is possible; on the flip side often they are starving Ukrainian coders trying to get some bucks.

Very systemic in the MS circle I believe; vulnerabilities. Big Business plugging 'em, talking about them, being a Rock Star Vulnerability plugger; it's a dangerous but lucrative game for a lot of folk in that industry, and it's gone on always.
Reading info from reputable Anti-Malware sites is always the way to get your head around all reported vulnerabilities.
For MS users there's only roughly 100,000 new variants of exploits each day, the choice of Linux is kinda easy.

I love reading the Monthly Security Bulletins from MS. Really very funny.
http://technet.microsoft.com/en-us/security/bulletin/ms12-dec  

horusfalcon:
Quote
In reading around on this, I do note a Windows-centric bias that tends to pervade the security blogosphere/journalism space - everyone I've read so far refers to this as a "malicious Linux module" when I doubt they would know a Linux module if it reached up and bit them on their hineys.  (What is in that kool-aid these days?  :D)  Bring your B.S. filter, and set it to "High".

 ;D ;D ;D
« Last Edit: January 03, 2013, 04:19:30 PM by Tony »