Re: Cdorked.A backdoor


 



On Thu, May 2, 2013 at 10:09 AM, Miguel Gonzalez <miguel_3_gonzalez@xxxxxxxx> wrote:
Dear all,

  I've been searching in the archives of the mailing list and I don't see any reference to the Cdorked.A backdoor:


  Does anyone know any way of detecting that the binary has been compromised?

Since the backdoor resides in shared memory, it can be detected by inspecting this memory region.  A simple C program has been developed to check for the presence of the Cdorked.A backdoor in shared memory; I have pasted it here: http://apaste.info/01f9

I can't tell from experience if this has a 100% 'detection rate' for the backdoor, but it looks like a solid way of checking your server for infection.

(Credits to Marc-Etienne M.Léveillé <leveille@xxxxxxxx> for this utility)
 

 Regards,

 Miguel



--
Gr,

Mathijs
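
The reply above suggests inspecting shared memory. As an added example (not part of the original thread and not the utility linked in it), this C sketch lists System V shared memory segments for manual review by parsing Linux's /proc/sysvipc/shm. The triage rule (owner-only permissions plus a minimum size), the 1 MiB threshold and the sample lines are assumptions for illustration, not Cdorked.A indicators.

```c
#include <stdio.h>
#include <string.h>

struct shm_seg { int shmid; unsigned perms, cpid, nattch, uid; unsigned long long size; };

/* Constructed sample in /proc/sysvipc/shm layout (not captured from a real host). */
static const char SAMPLE[] =
    "       key      shmid perms       size  cpid  lpid nattch   uid   gid  cuid  cgid      atime      dtime      ctime        rss       swap\n"
    "         0      32768   600    4194304  2211  2300      2    33    33    33    33 1367480000 1367480001 1367470000    4194304          0\n"
    "   5432001      65537   666      65536  1500  1501      1   109   109   109   109 1367480000          0 1367470000      65536          0\n"
    "         0      98306   600       4096  1800  1801      1  1000  1000  1000  1000 1367480000          0 1367470000       4096          0\n";

/* Parse one data line; returns 0 on success, -1 for the header or junk. */
int parse_shm_line(const char *line, struct shm_seg *s) {
    int key; unsigned lpid;
    int n = sscanf(line, "%d %d %o %llu %u %u %u %u", &key, &s->shmid,
                   &s->perms, &s->size, &s->cpid, &lpid, &s->nattch, &s->uid);
    return n == 8 ? 0 : -1;
}

/* Triage rule (assumption): no group/other access and at least min_size bytes. */
int is_review_candidate(const struct shm_seg *s, unsigned long long min_size) {
    return (s->perms & 077) == 0 && s->size >= min_size;
}

/* Walk a /proc/sysvipc/shm text buffer; print and count segments to review. */
int scan_shm_text(const char *text, unsigned long long min_size) {
    int hits = 0;
    while (*text) {
        struct shm_seg s;
        if (parse_shm_line(text, &s) == 0 && is_review_candidate(&s, min_size)) {
            printf("shmid=%d perms=%o size=%llu cpid=%u uid=%u\n", s.shmid, s.perms, s.size, s.cpid, s.uid);
            hits++;
        }
        const char *nl = strchr(text, '\n');
        text = nl ? nl + 1 : text + strlen(text);
    }
    return hits;
}

int main(void) {
    static char buf[1 << 16];               /* zero-initialised, so always terminated */
    FILE *f = fopen("/proc/sysvipc/shm", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    /* 1 MiB threshold is a placeholder, not a Cdorked.A indicator. */
    scan_shm_text(n ? buf : SAMPLE, 1ULL << 20);
    return 0;
}
```

Each reported cpid can then be mapped to its creating process (for example the web server) before deciding whether the segment is expected.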
