[nycbug-talk] Cdorked.A Backdoor

James Marcus marcus.james at gmail.com
Fri May 10 13:56:53 EDT 2013


I also thought the details on this backdoor were pretty weak. I only read
about the vulnerability last night, but I did run the Python script on all
our webservers this morning and everything returned clean.

James


On Fri, May 10, 2013 at 1:27 PM, Pete Wright <pete at nomadlogic.org> wrote:

> On 05/10/13 08:04, Jesse Callaway wrote:
>
>>
>>
>> but yeah if it's a binary install then checksumming would be a great
>> first approach. what's scary about all this is there's no vulnerability
>> that's been pointed out... just seems to magically infect
>>
>>
>
> yea i agree with you on that jesse, as well as with bob's earlier point
> along the same lines.
>
> i gotta say i do like how this backdoor runs out of shared memory and
> apparently doesn't leave any traces of itself on the filesystem.  i'm
> certain that has been done before - but thought it was a pretty novel idea
> :)
>
> -pete
>
>
> --
> Pete Wright
> pete at nomadlogic.org
> twitter => @nomadlogicLA