Home page logo

securecoding logo Secure Coding mailing list archives

New 64-bit Linux Rootkit Doing iFrame Injections - Securelist
From: "Kenneth R. van Wyk" <ken () krvw com>
Date: Wed, 21 Nov 2012 13:01:24 -0500

Hmmm, an interesting twist in the Linux malware world -- and a bit of a collision of traditional OS-level malware and 
app-level security woes.  This latest Linux rootkit (below) can inject an iFrame into any HTTP response sent from an 
infected web server. Thus, it can be used to spew malware into susceptible web browser clients, and appear as though 
the drive-by infection is coming from a web app hosted on the infected site.

See full write-up below.


Oh, and happy Thanksgiving to all you USA folks out there.



Kenneth R. van Wyk
KRvW Associates, LLC

Follow us on Twitter at: @KRvW or @KRvW_Associates

Attachment: smime.p7s

Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates

  By Date           By Thread  

Current thread:
  • New 64-bit Linux Rootkit Doing iFrame Injections - Securelist Kenneth R. van Wyk (Nov 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]