mailing list archives
New 64-bit Linux Rootkit Doing iFrame Injections - Securelist
From: "Kenneth R. van Wyk" <ken () krvw com>
Date: Wed, 21 Nov 2012 13:01:24 -0500
Hmmm, an interesting twist in the Linux malware world -- and a bit of a collision of traditional OS-level malware and
app-level security woes. This latest Linux rootkit (below) can inject an iFrame into any HTTP response sent from an
infected web server. Thus, it can be used to spew malware into susceptible web browser clients, and appear as though
the drive-by infection is coming from a web app hosted on the infected site.
See full write-up below.
Oh, and happy Thanksgiving to all you USA folks out there.
Kenneth R. van Wyk
KRvW Associates, LLC
Follow us on Twitter at: @KRvW or @KRvW_Associates
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
- New 64-bit Linux Rootkit Doing iFrame Injections - Securelist Kenneth R. van Wyk (Nov 21)