
Apache CDorked backdoor detection

Critical

Synopsis

The remote host is running a backdoor.

Description

The remote host seems to be infected with the Apache CDorked backdoor. This backdoor allows a remote user to create a shell and/or pass commands to the server via specially crafted HTTP requests. In addition, the backdoor is used to further infect web clients by redirecting them to sites that infect the client with malware.

Solution

Manually clean the infected machine by replacing the trojaned Apache HTTP server binary. See the referenced link for more detection tools.