We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Linux servers targeted by new drive-by iFrame attack

Linux servers targeted by new drive-by iFrame attack

Serves online banking malware

Article comments

A new Linux iFrame attack has been spotted, this time one attempting to infect its victims with the Zeus/Zbot bank login stealer, security firm ESET has reported.

The Linux/Chapro.A. attack is starting to look like part of a trend for using 64-bit Apache as a malware conduit, bearing a resemblance to the similarly-crafted but apparently unrelated 'Snasko' rootkit attack discovered last month.

Aimed at Russian and European bank users, Chapro injects malicious content into web pages, targeting Windows users vulnerable to one of several well-known Java, IE and Adobe flaws using the 'Sweet Orange exploit pack hosted on a remote server.

The attack itself throws up a front end to harvest the PIN and CVV verification codes for credit and bank cards.

A secondary main task is to hide itself from admins for as long as possible, dropping a cookie and recording the IP address of the infected machine. That means the PC will not be infected over and over when returning, making it harder for researchers to detect where a given infection happened.

"The attack described in the present analysis shows the increased complexity of malware attacks. This complicated case spreads across three different countries, targeting users from a fourth one, making it very hard for law enforcement agencies to investigate and mitigate its effects," said ESET's Pierre-Marc Bureau.

The main difference between the new attack and Snasko is its greater menace; the latter seemed rough around the edges. This one looks like a fully-functioning attack system, albeit that ESET said it hadn't detected many examples of the attack in the wild.

Share:

Comments

Advertisement
Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *