Apache CDorked backdoor detection
Critical Nessus Network Monitor Plugin ID 6800
Synopsis: The remote host is running a backdoor.
Description: The remote host seems to be infected with the Apache CDorked backdoor. This backdoor allows a remote user to create a shell and/or pass the server commands via specially crafted HTTP requests. In addition, the backdoor is used to further infect web clients by redirecting them to sites which infect the client with malware.
Solution: Manually clean the infected machine by replacing the trojan http binary. See the referenced link for more detection tools.