[nycbug-talk] Cdorked.A Backdoor

James Marcus marcus.james at gmail.com
Fri May 10 13:56:53 EDT 2013

 I also thought the details on this backdoor were pretty weak.  I only read
about the vulnerability last night but I did run the python script on all
our webservers this morning and everything returned clean.


On Fri, May 10, 2013 at 1:27 PM, Pete Wright <pete at nomadlogic.org> wrote:

> On 05/10/13 08:04, Jesse Callaway wrote:
>> but yeah if it's a binary install then checksumming would be a great
>> first approach. what's scary about all this is there's no vulnerability
>> that's been pointed out... just seems to magically infect
> yea i agree with you on that jesse, as well as with bob's earlier point
> along the same lines.
> i gotta say i do like how this backdoor runs out of shared memory and
> apparently doesn't leave any traces of itself on the filesystem.  i'm
> certain that has been done before - but thought it was a pretty novel idea
> :)
> -pete
> --
> Pete Wright
> pete at nomadlogic.org
> twitter => @nomadlogicLA
> ______________________________**_________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/**mailman/listinfo/talk<http://lists.nycbug.org/mailman/listinfo/talk>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20130510/7340dc34/attachment.html>

More information about the talk mailing list