[nycbug-talk] Cdorked.A Backdoor

Jesse Callaway bonsaime at gmail.com
Fri May 10 11:04:21 EDT 2013


On May 10, 2013 10:16 AM, "Chris Snyder" <chsnyder at gmail.com> wrote:
>
> On Thu, May 9, 2013 at 8:17 PM, Pete Wright <pete at nomadlogic.org> wrote:
>>
>> had some cycles to dig deeper - found a python script from eset.ie that
>> they believe will detect this code.  it's pretty simple - so i'm not sure
>> how reliable it is tbh.
>
> Isn't detection a matter of comparing the system's httpd to a known-clean
> binary?
>
often, yes. sometimes no?

but yeah if it's a binary install then checksumming would be a great first
approach. what's scary about all this is there's no vulnerability that's
been pointed out... just seems to magically infect