Embedding malware on websites using executable webserver files
Evgeny Sidorov, Yandex
The more complex and effective the methods for protecting against, detecting and fixing webserver hacks become, the more sophisticated the techniques that hackers employ to maintain control over the hacked webserver.
In our paper, we will describe some of the methods most widely used in 2013 to embed malware on websites through modules for HTTP servers running on *NIX. We will:
- Explain how hackers write these malicious modules and why they resort to recompiling the entire webserver.
- Analyse the block of code in malicious HTTP server modules responsible for communicating with the hackers' C&C servers.
- Examine the recompilation of an infected HTTP server.
- Give examples of how to identify sites or entire web hosts infected through an HTTP server.
- Describe the market for malicious modules and their value.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.