Embedding malware on websites using executable webserver files

Evgeny Sidorov Yandex

  download slides (PDF)

The more complex and effective methods for protecting, detecting and fixing webserver hacks become, the more sophisticated the techniques that hackers employ to maintain control over the hacked webserver.

In our paper, we will describe some of the most widespread methods in 2013 of embedding malware on websites using HTTP server modules running *NIX, including:

  • How hackers write these malicious modules and why they resort to recompiling the entire webserver.
  • We will analyse the block of code in malicious HTTP server modules responsible for communicating with the hackers' C&C servers.
  • We will examine the recompilation of an infected HTTP server.
  • We will give examples of how to identify sites or entire web hosts infected through an HTTP server.
  • We will tell you about the malicious module market and their value.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.