SiteCheck Signatures

malware.darkleech

Description: A highly conditional server-side malware (Darkleech or cdorked) was identified on the server. This is an ongoing campaign, and it means the server was compromised with malicious Apache modules or binaries. More details here:

1- New Apache Module Injection

2- Apache Binary Backdoors on Cpanel-based servers

3- Server Compromises – Understanding Apache Module iFrame Injections and Secure Shell Backdoor

Domains involved:

http://1swifthost.speediahost.com/319c19c7059638898b1d363da61ceec0/q.php
http://67.213.213.17/63aa46fa31dda8b5/q.php
... others (randomly generated)

Affecting: Any type of Linux-based server.

Latest update: 2013/Jun

Malware dump:


<iframe src="httx://1swifthost.speediahost.com/...