
Web Servers Under Malware Attack


Written By
Sue Poremba
May 8, 2013

If your website runs on the Apache, nginx, or Lighttpd Web server, it may be under a malware attack. Your site may also be sharing that malware with your customers. As Ars Technica explained:

Linux/Cdorked.A, as the malicious backdoor behind the attacks is known, has been observed infecting at least 400 Web servers, 50 of them from the Alexa top 100,000 ranking, researchers from antivirus provider ESET said. The backdoor infects sites running the Apache, nginx, and Lighttpd Web servers and has already exposed almost 100,000 end users running Eset software to attack (the AV apps protect them from infection). Because ESET sees only a small percentage of overall Internet users, the actual number of people affected is presumed to be much higher.

The malware had been affecting primarily Apache servers for some time now. The discovery that the malware is more widespread than originally thought came days ago. Understanding the specifics of the malware – how it works, where it came from – is a work in progress. In fact, ESET’s Marc-Etienne M. Leveille wrote:

We still don’t know for sure how this malicious software was deployed on the web servers. We believe the infection vector is not unique. . . . One thing is clear, this malware does not propagate by itself and it does not exploit a vulnerability in a specific software. Linux/Cdorked.A is a backdoor, used by malicious actor to serve malicious content from legitimate websites.

The malware modifies the Web server binaries on targeted sites, and the malicious binary then redirects users to a malicious site, one that is loaded with the Blackhole exploit kit.

Users of iPhones and iPads are also affected by this malware, except that these mobile users are sent to porn sites.

The malware is only run on servers and is not downloaded to the hard drive. Researchers say it can be detected, but I haven’t come across any suggestions on how to avoid the malware or to fix the problem. That will come eventually, as researchers get a better understanding of the malware. And we are only getting reports from one security company. Are others seeing the malware problem as well?

This looks like a story that we’ll need to keep watching to see how it unfolds.


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
