Description: A highly conditional server-side malware (Darkleech or cdorked) was identified on the server. This is an ongoing campaign, and it means the server was compromised with malicious Apache modules or binaries. More details here:
1- New Apache Module Injection
2- Apache Binary Backdoors on Cpanel-based servers
3- Server Compromises – Understanding Apache Module iFrame Injections and Secure Shell Backdoor
Affecting: Any type of Linux-based server.
Latest update: 2013/Jun
Malware dump: